From afa1a57d36ebcd339fe12420236d6117705a12fd Mon Sep 17 00:00:00 2001
From: Danny Abukalam <danny@softiron.com>
Date: Wed, 15 Dec 2021 07:56:00 -0500
Subject: [PATCH] Make charts with SoftIron overlay

Signed-off-by: Danny Abukalam <danny@softiron.com>
---
 assets/softiron/ceph-csi-rbd-1.3.1.tgz        | Bin 0 -> 14346 bytes
 .../softiron/ceph-csi-rbd/1.3.1/.helmignore   |  21 +
 charts/softiron/ceph-csi-rbd/1.3.1/Chart.yaml |  20 +
 charts/softiron/ceph-csi-rbd/1.3.1/README.md  | 186 ++++++++
 .../softiron/ceph-csi-rbd/1.3.1/app-readme.md |   5 +
 .../ceph-csi-rbd/1.3.1/templates/NOTES.txt    |   2 +
 .../ceph-csi-rbd/1.3.1/templates/_helpers.tpl |  90 ++++
 .../1.3.1/templates/ceph-conf.yaml            |  15 +
 .../1.3.1/templates/csidriver-crd.yaml        |  11 +
 .../1.3.1/templates/csiplugin-configmap.yaml  |  18 +
 .../templates/encryptionkms-configmap.yaml    |  14 +
 .../templates/nodeplugin-clusterrole.yaml     |  34 ++
 .../nodeplugin-clusterrolebinding.yaml        |  22 +
 .../1.3.1/templates/nodeplugin-daemonset.yaml | 224 +++++++++
 .../templates/nodeplugin-http-service.yaml    |  41 ++
 .../1.3.1/templates/nodeplugin-psp.yaml       |  48 ++
 .../1.3.1/templates/nodeplugin-role.yaml      |  18 +
 .../templates/nodeplugin-rolebinding.yaml     |  21 +
 .../templates/nodeplugin-serviceaccount.yaml  |  13 +
 .../templates/provisioner-clusterrole.yaml    |  71 +++
 .../provisioner-clusterrolebinding.yaml       |  20 +
 .../templates/provisioner-deployment.yaml     | 278 +++++++++++
 .../templates/provisioner-http-service.yaml   |  41 ++
 .../1.3.1/templates/provisioner-psp.yaml      |  34 ++
 .../1.3.1/templates/provisioner-role.yaml     |  26 ++
 .../templates/provisioner-rolebinding.yaml    |  21 +
 .../templates/provisioner-serviceaccount.yaml |  13 +
 .../ceph-csi-rbd/1.3.1/templates/secret.yaml  |  17 +
 .../1.3.1/templates/storageclass.yaml         |  76 +++
 .../softiron/ceph-csi-rbd/1.3.1/values.yaml   | 432 ++++++++++++++++++
 index.yaml                                    |  25 +
 31 files changed, 1857 insertions(+)
 create mode 100644 assets/softiron/ceph-csi-rbd-1.3.1.tgz
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/.helmignore
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/Chart.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/README.md
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/app-readme.md
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/NOTES.txt
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/_helpers.tpl
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/ceph-conf.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/csidriver-crd.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/csiplugin-configmap.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/encryptionkms-configmap.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrole.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrolebinding.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-daemonset.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-http-service.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-psp.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-role.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-rolebinding.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-serviceaccount.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrole.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrolebinding.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-deployment.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-http-service.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-psp.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-role.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-rolebinding.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-serviceaccount.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/secret.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/templates/storageclass.yaml
 create mode 100644 charts/softiron/ceph-csi-rbd/1.3.1/values.yaml

diff --git a/assets/softiron/ceph-csi-rbd-1.3.1.tgz b/assets/softiron/ceph-csi-rbd-1.3.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..019559f983493191528c87200dcd365d88ed920b
GIT binary patch
literal 14346
zcmV+lIQ7RLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PKBhbKADI=>E)Kfg|s8()OB?Wjju<W~Vc$ot*8PCh?8ap4rps
z#1IKd*ros$0Bx&v?r*=d@Zd`%MLjGhjrbw4NMHdASXeIrYXu~p_<^Lp7>2#m2^Ok5
z!_(+*n|uxq4h~L^kM;it2M6W<`v*ryf9oIjpPn3@9G;v!{o6tR==k{fZ|Gp7y{LH-
zsj&Fl!P;$=k^4d(%otZ#QO@MRLny!sM||83uu>7}Qr-)QP;^8|I6yHLiV;y+ETl4y
z@XTj;N(ShXkJP!~44smAg5LjlR#``oh+s)<ojfIaIHtc4At`4Abkp~69H&16%&?ew
zA(4TgvC{8OFVCSBbSCHx5op9k)`fr0Vj}bhZ^EIWiBho~^m=2eCdsfH@M%x-k)ndL
zp6i511Ayy_1|jRZGP=TqMAIIYk|^1OqTQH{y=yYN<sy^=&)3*^J_20)6gAIB4vOca
z33M#f9lK73Bt@{_?SGGa)bAc1dKE(>c_IR$8)<_{PYFVL0<&O3gr9wer7n8~$TwLJ
zj=FvCu}O3HY~d;J{~H`7L~dLFH1q$Xqo)VY%KZOX|LKnZZ{zWO-xEU|0Q28NmoW)|
z*-LagA!<SddjI2#QzVFGI!I1<5`}0;P#_3aBm~B;{~91A65@H1h#MM^7eT-irnFFD
zJS1_Hj46X()$L$(S*TdqQmHKi>%)W~V3UZCkeZM(9K}&0N!J!WA0fsSl0+fQLJJO2
zsR8aIY#>pI#)J_8&7wq7Hr9|wNfg0%4NG%o520A_8wzZbh`$_m-X1#TY(&S2&?<r!
ztWXx@t>P%)jFCY10^SBuA{7zd9(qqkm2wuiO(vO!5g+zKazmmXxx>>qBC_}X<%_d7
zFT2yw+e0tS%YnCt0!d9z;0Hp!YwP@MfI9!MKYSYg(9z!!nsP=J7jj^KL!Hh)-n@JJ
z3-GvpTCVv1@Q03<HHCitZGH$sqA-ml%tzXX{R_^c^D{l@uViq3hNd`<DI1%fzcD{_
zS8_eizlO<o?-6H6QbqcM`FDq=@cSRnOp`?zK8j68G6=;NwmN8KuP${@%K*$Li$w;e
z>h+<Q!>w|x9Jvq{h?!Q^(CasstI$Wt1K9&E!e=0<=IA49;q{x#Jf+;=BvO9D=<f;f
zY3TRea2INPn8jpZ%G%HR?-yYxh?H4Z_1mr`R_Jk|bfP8~SWO0~chm3TL`{02*9k@x
zk-dnIDa#js&m&OnB=xgW`R^B4%6KBMB=0#_2B;)~Aga2QX*wOee4*19zYsx3vjOUi
za3o2`s~Ru#=O>uLOQKN3$7A3N5e&Yb#z0b7?g~>zgzQ4OB#yZN9%9r6G!lG@4uBav
z?V<x+%kY^9c+@C~0Ib~i_Rv#983G5yHgQA5kV~p&T`%I}pWxj9J@vez=rG!F_D;(z
z;C6{5!f{d*3(5smvmnA!z6Flw5HPh+%tP5lAsNBgASw-*nN(!z18_eORM7xO=ypPb
z2{6nF9Zyogn(LcCPhA^>N&p%%9ibUd5EjI8TQLlMHVjb^QNj$nRud}CIKue7V`n5H
z3RrOxhggwI1>AZ(8=&_*iYOcZtY3Q`(xmx@C_w}1<d6M{IE!Wo-(VWyVPr>v#1o(n
z`#*aA1K1hegIdW2;L+3q%%m2%i@CH?i!cBm&WSCc4kxx!(gE~LW&PelHqy_Px!^(#
z(Dw)5A9(tMRVfU5bpqBFnwP987s|I))$2mPjbKgdTIjZ%{gvydd9O4ZIkimt!b`!v
z$gJ!dkU4JVUX)C8^HM7uQ$RYAU_;A5U}&@hXmo0e#k#8<=&LJ~2d|etDu|(r0qS&8
z4EE4ZRO;D0zd+cqMIsSac8O?&6jsuQ$rXx-bV8`iXfOj;kN_D2)UE{J^{}G-aY94V
zvw&o8kK8FD7>;}z%M_HGPy6lsLK<OYUPl~<KjH|pAjN6^!==`4-(xl=Y2{e(5skEH
zG(&0#CVQ_Hpa}`C^^8u*l#3aP2)>rZRiQa9Kon$5r4rcciFAs`>1+!U1N-A*HbB?k
z%kDT3dUom9mx>EKCOwc8nz?9~f$&psj`;9+fNl=EM_osbaS}xrJfgvDfX+v6xw;TU
z5~e)UqH`qJ$<J%(wSD_N!879(D)5nf7p#9~l`a5!mn0&A;=;XCJR-u8shJu)8c{~o
z%oWj!uTgQW%KKk>@m}x{U6LRHMvY7_vNm<S1_BH?3rMVFFV+=%F%Nxdf%*0wj2aJJ
z6Bf_P*)LfMMv&!RYVwF98sJmV>j&t_Lr6NVZz-_A`_r$wA_n7(N1>K&=$5JpV&oQa
zMkE>w940u5X8RTneCCNllm&?pK*}M%Wr|L%Az|29QPSx7%D>52(iGqQ%rY?p<_2(E
zd`G9r6tQGFBmy{x?wXol1tfxo8RtuKwZlX>gT#nF7^Q$n*|o)stqsuAga33=b|j(a
z&;e})Ss@W3%8*?|S|!*AUU3Y?tP0>E_tz_{2|@u4)u^1OoGC!wiZ8<mxIiJ5`cLSs
zDLDm!4yHj?Lo-MX%voJ#fZn}%ae+dtFm#<N(`mary1Glnrc+6^hd$6Lfe8f0bBn2h
z5!2Egs2{X!=o@Gd`tK3K=!Qp$Htm$DIzT4}W(oWgix5S0N)5RAX=6lcB~L>@L8NI)
zPa|kF3SSeL%n=u+Zy1dttQ2902SFmBkqH*z8+>;PRnJHaYU=mK-M~lcf!mgRq)Kg@
znSC?Ym}EGX6Rsq}QN(Xa2!@UrhK3uatHw3~)}5xtOIPh3JJ)Oz9X~xVO;EO66JSRR
zIvx{IYK5}-Rt{||@|woBepU%+>Ka&Dgrw2aok<GaNLw@{U_|%?OH0Tk_T4y+2v&(5
zU1;bP7Xf)?KITN*a$0!C_8L`jXVuSZ;}MZEZ2;(j)oI`LdU_f9PM6;4(mP%HOVOq0
zysoQg(?$I&)1i;L2P^8(SScJ#T%U}V=ib$<?^QZp0GaiARn1=zN&hHz+P>OgpYsr1
zm-{Ps*$Gm$&iv<q6uNbsa`Bx3<CdJ_F^{;hMXH2``;LZKYUyv67A$V3ff#Y30c2ti
z4QJ@|^4yziQmfy5iYfaE4@so8b;^ikk}%RJG9Rpb!P1sDLj#=T^zuCCF4QG)cteDu
zMrKk`sPgvRhnEA*e~l|{LWGemz@8<-3|ZH&_VhDCLJe|gI&18e&{|*l{(-`3dvBWq
z?oXK_f=F$C<nT1(@1qf>Q6h+MzV*P|=dAkMADj`-v!tz6o!V*AvL&;H8aMRZJlI1B
zW|P>LfrkB!AipP6knme{skF@|NNm;y{J`euhn0XZN-0UW4rqsQ*K{=Ph4IuQ90)G8
zmRx`%!IpEnM4ra>HJCulVE{AMC<vn)9-W}!49qUdP(;{RP4@K!THFPJK}2*qO_Wpa
zG&mTnh>i%@OzHkxZjfzf0EOIkRJt2=e)fY|+~08RX~)sGu+C>ZLAN;FyF)}^nFvtp
zLRdJQM}~sl|9G~q3j>`Y#SMmrJ*Zo*OUf>o_$3g48oad*1w}$L$p6Y<S>t%7QOe4h
z)-}~rroUamn=2G!fu}?fv5#n~rYEwf5Mpi2+Ho@Gg=rWR!3r#=iPUqYw=0e9aRneQ
zicO*+iTJI7<USA3KS<!iFCRet081$SWK^vJg=!kojZ&s~PS1M(<C(Rc<OGPVunzVR
z8Jiunfg2?Fp_yj+ogri6$q%kCQd-w0T|(R@fS&lYQOiB_*6U20gk~Bz%O)Fue4{3m
z6?rOk#+tUAzJ=i_wp_5zazl|}Y;8Naui2zQTjq>i^QS-JVu}?y)PUSUs~{1AFcr-l
zbC>8U!ZQMl;A$UT{hKGCK-ypA4%P&{A%4Vz>np>aZR=fF6Z!IhniU26hDNNmSO$X>
z=Y}kFM_*Zh1LQigpF!O(*7Z<bow*g8uz*jsTSsq_bFka3#tN&~?d4#JraWOrmDtl;
zr0M<`$O5xuY>|Ph2DZI>m6C1Nc3@ba-X)6o7-{;Tob7AE%wX)HA7`l%J>gRMF;)}Q
zyTPIt@v*j0wL1lb5|wC3S?HUFL%kvlxfuqZZIXdWQiP%FAOPM)A0||4GSue)^scXw
zg9?i=QM!?=yx|s<NgC!YSZ7CDET!9dv|@pPzzk&1qS~DrhLhRhL1DkyjGW~<0QM(7
zKBHn#!~)oL?pup-cdpjbQ19!HBN`FSquAKe1=c4eX^=!%IN#MRHQYtJ<t%sM3?*!e
z<9#$tlx7bBW+<3&ZP9b|Zy^4FPeH7Lu#t-35a!YN_J9j014tlpLx4jNt*scz<@yG!
zoZM*_8!Tij4G%Y?^dcQfJ9y|ykSV_*R{-_OwQhbn_*eM>&h{ov#cX)9FBM~aA;^f{
z<$VJTPXVWlJ9eFF%%@Z-U<Y>KHPLl|UT=8hcT71m&~NdS7|;XM8FB6pvGBo8t@u3O
zsdFZkNCLCg?Lwf+xW>3UGGG)$=TI%IJw33_EgW{yFF2y<{x}xIx)xwC?M}R%1t2lY
z*2!H=0$7+JhxZZflCG_`uU*9Or>SN811fXsvdF)i$M0v*H>`1wuE`8dF~eh`*_-i;
z>6yr#*ND^e1riO-0<gM+(ekXmrjNX+U;-~+zqz#MK;GcEtEK<>8DOS;XijS|B*cXv
zky*ScADQA95vIhf>y?ga=+izHs~2II865$Ki365mbPHKz4ErE{%N7b0GhSn@<f|k$
zT46QNlI(Tz)J()HF3>0uTEnKytTRAKz<T}g?(E$^LLU5Jn4^V$ngIu`MGnxtXPiyH
z{@H=P0i|{Z`p<*TzWs(!$LTqpL5Bps`3x+;&hfs}wEUc=1#=4Za!|D4a7o56^|CYg
zHT{IppPigJ(iwD&<<Z&iXgY>=u~eN;`wdmVAjwsLpZ(6K-?BP$IQE-y?0*qB9ya56
z*o@=hwsE{AtIngX@|$*V)Dg7tbrkr|6vywZn4uD35N=cKO9IM1u)N4RMu7zsggLCR
zYcUK{DJ96rs#?wk0*XQxB#%BxrqzZi21Bej#jN)|=n%a<vnQhMSODi+aA_NC-6lXy
z>Fs4;GmI-4vX=j?hD4YAiwsI0>ugv)Xh(h^h>~c6Z-|u$peb4>fFL1ZisHy_aXT)I
za1anFErZqa`3WqTC*7i}_)<g9xiZXgI;&;CN|mwRNe7V-k&!}V8mrm9-D5CagKt>M
zWNIwwp|h1WnD^#Ni*}i4Sd~3UTe3d%Y`6I3U5r^++t2EPWpLUHsqmQ8!YP#~18|-r
z;~xMe(kcgff8AR6Mg!`mhmPHL`+jOn<Tv`X{tK4AQ<bm;gH9b^!3de1`*h!3kRZZz
z>in+hVK}{M`ipK?<8SO->z3BGMoLt_{${pdwE^-jN6@*gp}k@q%hY_(-vTT`&okrI
z=u6WjR`H@`r1zT4oQkORAsKV6hJbb@i7<z@K{KIBg3`9HJ)PQ}80Kj&$T`Zopy~<G
zyKL9=f-0?-;#$e+b~FW?`s%c|5SFgAUamO8lxe%-{Okw&;We2J&_DEA#fh3|4KqV2
zvzo>E8Nx$;LyS)JvP#`7=ziHL*8x&Qs*kyH-d<{oVkC`wHd7?E?{z|=IQ1Vp&t$=J
z#F<Lx?V;f;J>_ma$NIplg>6_J8|BPUth~L(^UUTfv*n9Y1U+ew5U0S-^tp1~e8__Y
z<hkiue$TJiP?7Tz){8I<PEX*FYyW?SpgmO0*{J8~{c6reM&<l<9PuHJe$$?1n6;0V
zgg&O!@?7J5mzA))hz%u-@jPF^?*IJ{7uQ(ugc*At5E}G)O5os{hzunvWkO`{@aXvX
zMAsZ8l6;gzeFP%<I2JsKC3>EDy4*7Gp`dm1C1AQlbO^5wVQN!H36|(qP({!%8I6cQ
zlK!E&+u>{aqXmXTO}0;T!$Ug$s4GC5z;&Kjv6zRdIN~=%2pSS|s#l+HvEU>ji;ulq
zto#4_@cRtuxwbuTZ`H@!L%(1_fuPJ5`V+ks!Ep3M8{@H&VR{Hb%mz3CEdK-Tt<k1u
z1Uv|n{C$?ZjF3FICMthc?oz*bMcqmH+@~&-t^;Z;cLz`ZDuHs<uahB27j(<TwLS?)
zh2FiJ?VCet_FxNqy7GO&x$;9Qu0RMdBo!9g4`ZQpJ^M$_=|qP;`_kJ(|K!rT!<;Lx
z>;ZGf-AL*R+ehRsbM|GPD}d#$8|1xPds>l64~s}@4~%-|KXV9148tyrf?I0kS}Ffb
zo%~W^MZCb-^>2$8Q_XwN2s7)`u@dAog++~~V9Iv?Ejjb{Pzn)*hqtF)6ndl0P-HYS
zBmy>2+AA;n`bIl2!n6@5Zx`Z|^Ko2HOa21ydMZzAFwN@u*Hh^bf9z{~D?f$%pNdRl
zEkk;5-+g#_*;RLH6KyQG|9^1UFW>)v+CSdi|J=%B)nSP^Llb^m@aBU)l~@1FrYZ2e
z+_gc&RkT$!A%YCNh4M{bNH1Oc6T|S!T|-~;Q?vd*g33&U?5cSEtKbXP|H;wGNooC`
z96a5v|E)ZK{@MEu-O%YkD>|S^fhGQY3d0gi$N+uU`}E0!Ql4=+=tZAbwsa(ku4l{n
z&dloMDXR+=I>^t8XkEE$0?uej-TlP`AApkYoC19hsxAxA$&vn(PA`+uh~A-&p8+E*
z)PI{!o|*#^IBmo1t^c0j$k??wj&=9D-v1B-U6)tT2B0F*kOUa?7s;mty-p8S8Kg&)
zM4@#Mfnsl*Kw8oN#+r?1Z!g_m7MRoDcD?fv5;@0^^J+;mcJ@}bO7{r0j)K9Qh0fdF
zHjl5nyqygT9i>C+KBmL!%G4HUHSUqjApKqAFnHd6YIFTehr>YWS|^&Roc6WwcIghr
zf-*Hio&S{nf67h?nrU|#VypZ6t0uziq+K&TR+OtH&8D)SA(b|gSp`n*39puzYw3Bd
z=5};mPv?0rL?fYB6|AN7#=>7JsppZ}2Cc8w-ZI3Vqax6TY|Jd6pv0bLPL(2a{&x{I
z>7t$5Va-pQ`P&8xL-+3HC+hsK4(fdDtgbGVbvk$71Q){0EI_0f`3HKOV?CAYqZBJB
z&#CM|SE!^nrvFR{`5VfDC<$8$pYFG9+R~VpX|L33$Nte-8sH*=dZ@9_ErnKtpI<sl
zkA5{vY#9Ezg}V0m*FvnAfXBAFKA)$?{!h1yHW3VNk^k?ce^9pn508&__Ww4XQlQOi
z%ECc*de3vm`m>+~DP_>HeP>S&{P|~5GV9k!ujD9qu?5GmE?dLJ4c|bP0chFSP~6JS
ztURB_oDpW~)G5HWu+<Xhd+rKMh@eW}wa%BY5!j%R8<}($cYyA_KmSB3j?%{6ZY%1d
zdqi1Cm_o;<g=;bsI(Am4^JpBYZv9JY!;AzXT$cwdTK~s~{nGk>)<5p=*8eshSXv__
z$@GSZQ$CILA>|*Q_q+Y?y9fS|DBSIX7K&p$q!Cq=$nNVbT5YO~e)?31*=zR=y4T<9
z3yC*<SQc8gFDeL4n$j$U!j>alo}1Xd6&xwI(z7j2s0s$*Aib6Q-kwEB4-CaTJZB^R
zj=eD<SIoxYV^7GIpZfK0IHsR&ovzLWmX7~@cyM&|Y`6Zm@mQmPag{Ej`pxz7;%%ic
z<d$dQ^Z>d?zb9N-X}eP-2IhRHI~p-S_rBI8`2UfdWkcwqljgMvV=uXTr#8^b0w^|c
zXBmvMl6FSY*YVWw|Ll}YcF1LA8L-g)JAPW?|NX<KJO00wXB~E4J|(r|=&Nw_icq{|
zru=~OU$g$RadCmN1dqsyD&Qjh?^(ZJUjP06&i>oVQ*sK6ArA81U&{{+3B2bKDd>N?
zG)~ln3;KsXIhix~Dp|)ezWcv6gAhqX<e==7cem-fHUfeH=OY}`|JJA72k6&M=eKh7
zp<g>X#(@2BL&Q+O923>~Ew9q)BkfUS&iU!vslRCN`UieZn8_JnLi*=!)0?>7YC_Nl
z!Z1@Z<LvFaW-m@vcdiwLRR359h}|!++bZioih=&6B21Y(P;FrqeH~Sh4LswoFgH3&
zkRvKpXCIYjb`2S^6#pMmeT!#VF|dgLAN3DQ{QvNH=l|Qzvw;7%U{7-*;zvUzJ4vx2
zNg<Qrze!+H>G;SDcQFl2E^uEh5({?cQ{>vH?Z6A(lM!@iUO`xE4jsR2pqRWo+wJMD
z`z+@FAtqDKBw0N%WHbLiJUA%t{~jJZ?Vs%U|27`8e$VtAUlLVd+BlBo2Kn>X?GSLA
zQPPD6)zx&+oP6BJC6QhdjfIGm(#_=30aODomNzgQ7qJ-ThzFjifb7!fE<evJ3{s2v
zZZ+pn$jv*-VqNEC@CF1n(h=X@5_QYPbs+>dyuUa<v+wE;Vb29g&p=niPp=-pN*D#p
z)7*e|K`*=GE_%=THR2+e5EEc6bXyoE5EDq9C+OAxJ$q{+P8tAUFGV*bL~0^<GM=F8
z@1+~qeG_4VNo3;N>f3BK0_lhfsVtO`Nf%qfYA&zf>;F(S`KKAnbaA<iR~f<jmIv0P
zVL>+bxrs=?NI;~-VrGJ0>5H^Fl!lF9a{2Nn%96W%bUPt}6hJV}{8-Q%8j&#xk)$CB
zu*h}Eg*&yu91=$FY#>>8^EnUBMQ|U^P!8(p<+;1TmjdqQ>bZcyr(DN+800>o9Gn8#
zp)?#b>Qoa;I%Zv6uA9YcMxQ<n+SO5bj6Qwpl-s<>#cOT{D2wo%U)u;_F_uMqebn*&
zo98*OE>~HpC$^{#)otRtKko&S_Hs4Lm(r^t*qh@ik?Cv4F;<g&C$c-|=+md34Or2u
zI~B1+CkVSK4}c;4*FXRG^5ffgXD>g#eevdHp$IaeOkN2-9h5#GbDrNC4wc``eRg1(
zddA+mbd(md_Kv(s^NP-Q%+S3bQc-F_2YRu$<+FT6#ma?2ZU&Jrnk$z1a*Ut<Uw9fd
zlVFxvHFf#-5A$^B7vsjHdGFlQywL1_?N?c$!pcjm0A<Pb1z>3S{O{jr`Z_=RwqjWr
z_^sAKMQy3@n6h!ZWmF8T4vRRx=~V#Lw<g6ftoWo|vqanw@jRbcB99LZ_5GITe!t=?
zVPVWEQ_uhY&FSU&$Cq!<F5aEL{ZKV9OE4$H6o9y%|NWb@_vgR7e6LsYx1DxA=`uJi
zc#LwF??hU;5X$`?{hL#UI{O{nxspX+r={3r5sm#Y-_o+r>$H`5Se<!w1vN3ji+5)q
z&o4I5{1jG+?8ZDS0e9`@=BldkhVyV$(CjMP8V}D}&eL)=A{|g^2EE>rvU63P1)(5!
z%CU?e4#NTZwR8Ee%a1S4-kiU+p85216!F^&2mGZBunB8A*UEzlvHaJN+?47X&^k7B
z`D3xFNLX*0Iu$Dc%zrL|kTY3dx%{zMm8hU6Nd!7^B?zJdzxul%IDE&VS;e##n~3PJ
zH|1dxk?LMXbm&)qZ)}292E-`>C}UbG-D?2Z7F-jI+UPYcds$hzx<ThVY@*>svbVCP
z;4vQCmDTx?ns7}zm}XhVnU3gMT70hB86Iw?C)Z>qeKn02ENnH6HNS)6^>Z2VaWj}w
zz;pMs)lgGKwMIRy7t^^MYE^>TPgmIuVMIzl%dPd`X6F~E4QsX1jn#U(p-tHqbD?Uq
zqWshq63A6+kPaZ|(LMX4O1b4xr0A49KRKxSY!gyGKa#CX&j-^Q9!s%%5Pe{i%e<fw
z+XD~t-muC}PF#q(;`-G+?yT&=D9)PkPM^83eeZ<1Ry)_h2J615n~Qq+(ZZcIb!x6N
zmEv)oZY<S$txR042W0`-c1EfNS<61m$3ZMxIBmO8p%XXtp`cs)O=@u?lzBDVuh)_r
zA?1tujcRfum@3WNZ&ZmJ!BuJ5%^GcbIiv`$zRF^qyAfoYdnqL~Cm*Y_Om0+>>73E%
zgVtBw6o4q4mo7eL81tbrE4&j+tM_dOr1@lbvGE$cR!2_PaZvv(v^6CmO{N3Xd84y@
z=9zhuTIo_IW<5xgC^n0@v|=jSzOM}SQQd4lp<~u`A<biR^92Aabs?8OGV4J;sbq5p
z^3@yKf9!JzyXSG9#pi#(D)8+F>x10?IqDym&wuv&C%gC$TY1_U@^1Q_LGRaH1ht1B
zaz}=iYao|M+a3taC+==!bc?_hqc0Ss>8gjC%-YCup>O(x)7%lNFXWWda&w+$Nk{o>
ztUAH?Vn0O{kd_-tl?0w;J~zF|r$S$z{_@~z>2J9n7L%}BiYg~&Z$EBx;MN$tx-{_f
zoh&4YUw&9?8){hNI!UR^t!yo=;_B6EHy5=lrK%_Pf9oW3%9&1pdC?M7+0!<6MsT@P
zkQ-d@#)4jgm~?ueJPGYI%g_B;tpCMwjnE(ZS)l(N9+vgL{<EW}2Rr?58&AV|3m#tD
zZ5Xp*QLFu#!<K369-|3fl&kNq`LsJAzVIZ0E<nQ5xx)%RdXgSbc%rkanY%QmgGodN
z=zYRo$QNwpRc@nI9V9LuA_h3@h5T6(Q3F;IeWJDQYZAwi&NquAdoi-QU}2-dM^94E
z)f4x|IhfKHvEcvKnRC-O=H_Yo(>W}kWP|9O$7w?`Ruh*X_(?A$H&3ik&o=*ELbv(i
zsZ)2EN^&NbDW3Dw&R0vfL(8>t?%4LV7P;G(=yu)iK^=%)7@93Ti{<|sfgkL%=>Bj2
z*_`};+TY3ltvpu#V-{B40bW`!Fv9;)B1L@N_seWNiE_|^Cq_AYG9PT<Nz6lc&PEra
zL_R5o8+ejPQmUy(6Fx0JMNc*ouweIW^l8WcR}B1MpM~)s=Hq`I?DD^D=Xp5(|5#xl
zzHTw_1q6%OZj^|fsA+r_^Z#Ppq*X+~0{(w+a&lbe|4*Oo;{R;rSt%n+)7G!!GD~pt
zcHHLc=Ial|&T7_wE}6>u0U#Hw|KsCw{@=s?(cv!s%T}JxBK~7d_Mp#VMOUR2dQgjf
z*%*rZD2)nui&Ze$XcWUa;QOd!$OHZ|(O=-NkVM4%6|d8WAi{Lox+Avvl_D+L5<0JS
zOVnH9L~fb_H#UyqQe)??{?v7Tu7Tg0(i57PlSDKI9^F6y%LQ}UGzcrS-ZPhO%AIgc
z6b^`#TVptu6Rx^#n{^c$QLaL3)rJDjRMik?6Tf({?YiA)x7J%yYY#`woYymp$Bj7K
zuqFkO^p6EgvOQOA9+%w0t3Us>`RK$cMKln^LOKW}UEDxMayk5VUV`QH|JD4!i~PTb
z$L08shbK>ucl!S}o@Mp_hxF=xoo2v;d29;_V7D0Gw{aSGuG`P+X~F+P5=VRn`t*bB
z{~bO(IGpqU_K$b`e=CoT|C>(nx&eS27ylRG!hJwaZ%=p%5=S(^vbI@U;8f@THa7yA
zBl6}eyQ1zizEk4K?=6aV-t#D;Z2Ysa3R2wjZ{6MDDZcxe;TudNFa{R)rvRi|tUY&K
zV>@Az>*jj#)rc=8#&JD{n-6kq32m&i#H)pr{VnQO-R5=;$2@$&6n!!G0Xl9{xt=A0
zvhigwAz=cfbv|Z1ef{!|1c^R4ovR5dmY$u<0)6ElO=~ajVnL)d*AB}i(tG_ljw?PQ
z#A6~b07vJnvVe{zQwiBXUxrrZdX*BwgY~Tqahb<?3|>RWI>lg`6E2m;XFjySx`DFi
zRo@0T%gW)e7Xq2Xt0|r|pp%1`8_0^NR>h{XzZb-|YOc0igsWy)OUAj%hf4nYH!sf4
z-oL!OTr<L{i!4>sXZyLjZbWcMgs+(d<*Y7ns~}3ue99CNH#qV^l~m849vn=oB3*@K
zgp)}5BdMc$)pX02dUg51U8b7@MDCQpzOmAMCwpucSBc#^B3LDY_+wE0pMS7basb;0
zMYS_m;sT2zb7kn)hUeOTn5;VbZW|MCp(nT4ea+2GvGz;f!Chk67pttk<cn~&6GXj{
zGi-3Vue;JGn1vDX4bA$LC6f3=2ri!M+byjE-Tg&Zk|Ue;A?J!q#O?N|s%27Vfn;@-
zSt;|?%xYO-vCM<|i_6EajjZz%yo!LR-hQ7ae^;)(h)5wXLHVURs|$$|pwB=`Y*exP
z+NeC8&Q-bhE`!D5bP-@93LZs7d{Idw=E{m;IKd*E;=3T?jD#dE=G({<78HDg?@poM
z85FE;UJOIYN2(P_DA)qz6yK!>cR17YT?cWB?=D@@ckCRB*1)8!HB8DD!fX&5@|wo4
zxCqFr2rETcrFjR1Mo?&E3e}F-Jh1tW%$b6X{aZU{$0A@YI=D;Vu^Ji=nZV<*BwaZd
z#2R@r)<|-(%RsS(3>537TX>*62}MU=9C4lDz)1UrI#W(F_$#YVS~bd0-JZgdmDQWk
z#R``fFHVcKYUN6~*2Y=0bNP1DzCM_oS<HnWfZuF1Q_4zw>jCm7G;o5Aq)hp1@_`3U
zeNs0Ef5F@*EflWDQjGt~2~buFf?tNbu>=)sCY9J_fxx>g5RZ@rqTqpCDh)(s&Gtzc
z3ddVkN(500VYN=Ik_w`({w^29?rC@ad+h`e3-13M^-t#R{~sUh;(u)AX=#>hE&;@%
z7M9Hbu?)P`Q$W-oYyV<%Ks@w0_a*1OT^5LCpfqJNSV-qf=7CrSUfV<vi(oFB31Vq@
z>kQ!LazU)z(&m#vEb7WK*&y0FA08qd#EMIQJ|D!Q0of&l_}rfs`rq0KAQs*KK7M*M
z7ytQW7yoH1Pt)f8BPM|OO0R<33xdsw8+I8OHkM3baax4GdLn`r{D18P0E_tl$-zmP
z|35q2#ed$)(<=VQ;{^Wu%5RG=6CSWRTvbyLzgDrp0?tK9S$?9cdZAIM>p|MG>q-_f
zFzbTtRby1FdbOk?8rAmGAJmg{DgVLeVG_0E|7#@xSQ!85Svmew|M2OK|8M1K&Ho=Q
z@Y7c=2EK&wP`kKLU+mL@|F4|@U;+O>I5~M%j{kRX@NCEbxA829|DRv8TTK8^#ht!#
zN$?=-uV(!lzs;I?f8Dca{XZ+`f9gLydA3{sTY2Wzzn=HSOC5?;FYywnYz=&7%Xb5+
znG%$Z&+Gssl8E!Osv$663|RR4b?G!<u9!Vi=pmFH;=907#uJhDwOFgF+!EZPZvE%N
z<FCyH7Oel1{<As%Uw@bXb30FY{hN8$QLO5?KrtY9FJlV1x&_uy!5i|;<fLRf7Ez3^
zw_I?&r6cPt4wAQ!PvlgBhD$dw7I;dOjSc1wvYgeATUx}OY2Z<PVfbpw>B|_eOvoo$
zU!hRU?*C6{aDCyBsjpfr=S~gJpCKt!(r5YIEjat5zKLAv`ZFrU(MmH|+XF`F?}iaB
z)LE{fOB?pG(3*R>u*rPwmhHl7yGUo*{i<&%U%q7%W=jwV)@-4frpj-NM?@9@XgXw6
zsA~nC^Yf-Z8=A{kS+*U@+3Po#ZgG`f){kmM?UwDjP;IB2NhL64B!ua4Yp>=j@QV2}
zQ|$of4oLa!`#Ht&yEu0~GyC1JTnlwtHk7b(Q~5Xbjg{*aPJRWFmNJW!d>x=v`ON|=
zf165|UxdkAg_1yP->IB%T)v?{|3oB`>$F)ZkQa?_c9+*DcQIyRyHU=nz0|eZ4Rv*`
z#pB)B$pxd{qRmA^-?sUcCV=sf_!3l<b|bHEszC8}LtZMrc&w}YvtW>$T3Ix@3maT%
zSWO(y`W~C_+F@=|@KoHDEmSBJgL?Xi%r9DIYRYO>yQ)erWagkp<#=WOw-GHq5}1ui
zyXr1Ju=%^h=SzR?y!fBPQ?UQL6B13S4x+uuHWvB+p7zWBzoV1g{_l34J#>MUB7#Yz
zI5KmOZYPAHVM3#jvN4KraE-@AcD+6HVM3)oLdb=ZNKQx;p>f2ACTcom<9#rgv7$Fb
zAGOQ9$1L>r5F=x~r-#0YwFN*zbW7C){l~Xm^o~U{#F?%MT|zMtD58vXz3$oN$4kWp
z@%GRupH4YLznos8kP7K_$5i$7zoz?Mcld|s>3`je$+!pqxS#Td^)f(199$<c8qtVI
z@4K$NjlJ)>LwxOh*HzQl`|kgFd*~M|C{H9hKYJ;?u07}Ib!kX&&y*AV-(Mm-E3E(b
zFJGL!dD)$Yn{A_c{hu729F)(0A06~}_y4x??4djbc;1HzDZDWbGlauXBKT=6c*g>O
zXUupaoV%*)d3$^4oJobF2#o}vI{z6GB<7y?B6JXQK}dk{*eW1^OaW=CQ{{PAS62aN
zl1IeT-=Qk>DD9}eydwua9mfS2!6X@Kty)sw00S8FeT#U2BXkNSJnxnuMo0*~A=<Y@
znc_%I2yhvF|7He^Q4j?6Z6C29C>BH#R_teB(X<VJ_uX5r$l$y0T)hk=l@0)+3<=H^
z;v?N`ik)LO-d+xY!1Ve<Hg-@)<6?TQ=jC;paluWI=lSRr7iOdnyLX;;VqRTc4Y8cq
zeUE6G0`)Uhx#%hF*iYrR?pLosSGJ8p<43OXQ{!ib{%4Juq5dZnloOsrVFAx{?^SB?
zF^|M`G9-bDko95LA(3?q{&=4-4c)e+1=Z@~v)sVE7#W(&T1GMn0zyK$4|9nE%+Q!9
zgl!-dAQMZvu6Md;_G<}GOaFW5Odq>+HP1&H_AO?5Et@l$hIDj^eUwO;87g7Ory#@I
z(T|1X`*9-1^`l-z4s);)=0>}c0-NWx8p8suRUzp*;poWL%i1f<Vmi7eUPdA;=>Rt!
zaj?rkky1L-QADMZmWXX(c%8Zb%j@5VKSt7XEQf{gnF?f6Mc9ljUC+Bm7Y+()_1vQ~
zA_GCS1=p_1HXi7fL2a2z-aYb{deE{Jw)3piEsg$F?)c_an_<3;NkB)GNMN^WLIisM
z<BQYmoU~)TLt+_exW=ruo=9}1MA8O<d?i4?e0nJt=&52*s?f(Mt5Z7Aw5_pt5cGj>
zU6tGUV40v}IQ6J24lJ^Z&PRxGg(Qd}7CPZdrM@e*52FX*s6=DJh|pt{NX`0y5!y4K
zi_q_MmLIb!^ykm6T@~7?n*Cgz$C>`k&3^eH+EuBY^6WRDzP;&Ref9%Mjqq(XboWI`
zjYeD;{rU17unjn4B+!U!No-W-r8~AfCg|7Smak;de}m(gvR3$)(GQ8jG}4+!da7Xm
zg7fJ7Z2y%E&d<=)0AC5K_L!`Ueqq~nAsy7seg*}-esj4VE-O6u=<3f;%dLEiz6*le
zuJS#)Bnm}*Jcb#Kbo5*p0<bl+40T;}X^ealS`E_}%?Ge5o_5iJu47hu1pHx?L;zIo
zqo-y>1?b5J{0$L9F!yKOM)aR9i@ia=S<qFWpK|`9*pq0ne0s2_fJfVLD5Gz#(z(+k
zl~Bs)n<~iF(Oe!ZCM<~M-r5iufsGVIlrSRzw7I0|0_fo#vv%b==ofO&wqxTZ^yjiL
z&O<T8pGYE7Iqqr&Y3@e18mu-H^H6qEbBjtOXHt==&h+62f+`x|2;EL-FoCZVI-U@z
zQn)SAuL9aU3iIffG9*-@Kd1Jj)p9zHyHmNP=N?_@Tl!0_|1$c5jHy%t&*wV2%G!C$
zLxSGBlIApA-WmDx`=1^J!)8p-)%EwXI}Svb@}8t)-)^&N7pA5Nb6C(%alBfHzQS`d
z@E(~IBMLvTBwy~iM^`t8-NWv|GSj~Z{Vd#cZuSlO@W}=(c^HJ2d+yQI`RFZI7se0V
zQizw=eszTJqRI0%v+zC-!Z+Qz`aQuj?XV~D#JNZVNt;x-CiE*P|Fb6k05dGArFC7U
zCiE*P|1VDb`PjNO5bpDPAy>r;%4{cDYwrw`DQBSLY~fj5=g*;^i|bnl>K^?>rQTY~
z4@05iV~oN^(65aMag}T5d}O^8)@$)!+Ufu61rL#{jO@v))cyI}H*RCGn7KUUf$RmG
z1teCoXQN-mTp!xgkbL{@+Xiz7t)=!fdw1sBDVaRh@00iWJi=4NqvasXp)W`r(Ey+F
zq>g=*(a+b|EJjN`_vq?qHG{V{VR$Qx&lxhW%mKy6dhXE`xl_k0xH_BCC{>v}=gQhM
z5^;e-D$U<!ETH-ntXe)o*)d#e%{fP=Dg5ruiwk|T0?`qo+7e`3rTh0wqral3w=r|#
z9K3t<Pb@;Db46;yc8c%lG?^lnOov1O+Kfo;<uPYFbZ$jJ7%S}rQ23fKG$bP~2*Su_
z5kx!)5+RpFx`6)o>l6Q6md6V8FZoD)j_5B*`Bmswq@<kN<#{uQZ<?Ia#o$An>BBw7
zCb*?)!V~2%eGsoNp#O9!bFUKp`RtkV=u@^F`k?;^Ivx}8a3gS!t`65nznrkM(%W-Q
zV~bc08#+SQpwC3<K`!Ut=c8;Wq-BB=?06-KeMkQzb2V^P^f#dP*z8G-e*XV{e{qUj
zCUaQ*x0ouxQ+xP86QrDJp+F*H{vILhSiu85_vq^6pjK0_t5imRv9EJES7%NYH2%)B
z%-`vJlXi0`=blWRo)M8U^LVNWW_2FT`v!2!pufo1`ImEbme5cCuJ-wqwZ1@7KR?Nj
z<N#`Rb=H^zEzmFfeDdhi&&TiMT%CtYdwZJEFZ+D*=zm5YpVhrRm3inJ{QUF8?`l1w
z>$92oT?flL%mVZ){rsOT@gH>$yZyC@zl46JpZ{wh{#v(Bowuj32qX<jfVb)Pxkpzu
z6y8*+7X78RIOou&@)6|z2JC%7B>kg_^Hs7wTkA15eVSRH?cf|AYev6npXW1Xef^cT
zIP1}`+UNO8vp$D@y~DeS^|?i`ea;8y*HCy<r8@L$IbS8~E2F)A&bJ}f=lnKmDU&Bx
z>+>{uavf|mdFIjof=r&{ZhuX!Zyx=x%H&zR!(DZ(F-;w&-8^~gKezAku+Qo{yfv9?
zYxnny=;w3YJ{t0yLf<7Xt_M^`KTUW1h`4VI{ly#nmA<}mt?i4x)qQ;~Xjg-<FSIj{
zzJq{<SZdF&9Z&82v|j(56Z9_TP;5BUcOW+NYyka`Pcdab>41;5VD8abt{4i*h%#bb
z)0z#MfRXkd3&Ii^u!b`LzWFoY`W(y+5sK<tq57t!Ext7R>l6Pa53Y%NMWgyrG<SJM
zG$M8Pd87uiWKY(8%&io^xLq4uw>Z*lW}*e=ww+4!%`wME!Q6K1N(YTvh;pG4pnshV
zNkr5cZDlRoBU>Kba&Zl-I}0xGh|fK`>fK<WQ>@tzF2=@OWlE!Ny4-M074H$0GQnmd
z9%L7K0F1k^5DOj<DT#EqUiJ~W8z3<ZeKvd$VUVKF$NDsD`|Au@RM>X2|29YTu-;7l
z^)XoM(RY!<E-U~YlOy2MwzKcj47M7968bI;mgW8SGE*A+BD-<_!1vuP6`R}pZEq!-
zi)=PgbToT|86K1H)ZtVGVeT%E)MJ4e%HSA55Rx!AJP-V=F88me^0Ykx)XjbZnhfxO
z+=agDsod7|=Vw3bfqy-f4a8vX@Xm+dZam&lq4iBjArSW?+~8k*_UFQaH-eZu)j14{
zs6WnSKCAYCY>~lI_xP%#d)J@nzSQ{#kRbK|BK*MU)W|)<@D$JVKo_{(T;qJG=N?`C
z!=39mKl@<`cSmJ(>IS8^IQv9knF!zl!0L3k^T&AZ(N(9jlFmODu6+UV>v`6A>Tpj+
z;=xF~|MASa|KtQm(N=?ZXh*j`T)hy3T%|emixK2oI=XeGJh^ZGgwNWnFPM+Lzew(9
z(>-$0`XB4LM^_P^5z#UVfvq$*`!=|LJ7*W5@3H|r^0T3}pV>dPuFkw|6Y+6s`0U$L
z>DmE`#h55Gq%73qV@xEi8c`-`NV2>Bn?T;6U$A-Fj72T_^>^6k(U-RDKEgMcMmnAr
zw^50&1ex+1a)r16<6;W3Qkq{{Y>JyD_obT9H*GCJ1M}#YQzTSuaNFDo)|&--F2hq0
z{wXVX1QxI%;!jgHG^jmuoZkhd%rSfmrK^v?QWMEVBm~i7I5;C2@^->!fxb&0(R{e2
z6tV;?9J;+t-BPzUf_`19ikzSSg}$O_UE4ucPOCyC6K@};yX*(o#jqeq5|zaJCZ1j;
zz`VztN+ihd2^E!U#67zD^|$rW&+=BZ*yPfo3VlgpY$7d1_I@WAz>fKC>Dkcio5UR|
zt{s3j=xZR`9e_>g{N>~w^QSsLOn_|Rn?w_QLu{-nkmBZ?KW1T%3u7DLa7r1d{vp_g
zIFbu4qpteo4c^LruZVt{jN!_)Q)GRG4Gxp3A`8#Cy=PNeUu6=Jt9(19!!6leMUyfl
zKM0#fvH_FL%>IHLDp$*)zdah*(CnA8n=F?5=5&YBR{mp5d)lpy%zj;Rm)i6E)#z_~
z>2GTGO{SO@p5B>>q(~!TZcrh8f!q4OANJB(b+=Z%!CjyCrp-2ot>6xLS^NvW-)%hi
z=*mPrTl!$z!n{4T=lV(}4@ndKWX6xX)%wuS8lg(-atO7$&S1P5PQwH9S8jXe(Rw<6
zKFM;6Ezas)9?SP0BSJG;&()bFhHm2^s@UauOo^9vYh}TgPYS)%?Ask)fzHny&&!R*
zR-b!x^^Z8hlqqtjP|JOuGWxH{!kAZO^smXxL}m!M5JbkDh0;YVvT3%r@c{b9#!A#g
zcPi_Tj(5yqj_{D*kZfe~=vQU!Ua-wk^7h18wr@)d+oJ>E{6wmcaZ}&tD!B{^I>Q3`
zi8A7O|FVfK0Fp&QDaytst%pqqV{1f|<<lf|J*N{9989tgxscPoFNuQbd2RxgVlhti
z$ydb-Sv<PlD=yH>J3NgeGAQNK$TEEZu)^__=cPj)woI#|tIt7p>ckO`n*XPe{|U#j
zF9;5&WTQEt7Uh3CIzBGte>y%m+2w!V%Co1#<D3i5jMM1!@?38toas|!o~IMO*{nh`
z-Cn*hhbuw%%EHO*TMsKAmGYN>kg_?9_H`W)8)Jd>frYgBf6ihebhEk%z5eIZ7s;;Y
z{elJ6ZhLL>Y5p-JXv7m1B5E@DOfhB1rZf8z)3WWJ-Lrdk&x1ezKL7y#|MjDs9sr^N
E0Nz`Ca{vGU

literal 0
HcmV?d00001

diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/.helmignore b/charts/softiron/ceph-csi-rbd/1.3.1/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/Chart.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/Chart.yaml
new file mode 100644
index 000000000..e82b1189b
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: SoftIron Ceph RBD
+  catalog.cattle.io/release-name: ceph-csi-rbd
+apiVersion: v1
+appVersion: canary
+description: CSI RBD Driver for SoftIron HyperDrive
+home: https://github.com/softiron/ceph-csi
+icon: https://cdn.softiron.com/helm/assets/icon.png
+keywords:
+- ceph
+- rbd
+- ceph-csi
+- softiron
+- hyperdrive
+kubeVersion: 1.18 - 1.22
+name: ceph-csi-rbd
+sources:
+- https://github.com/softiron/ceph-csi/tree/rancher-softiron/charts/ceph-csi-rbd
+version: 1.3.1
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/README.md b/charts/softiron/ceph-csi-rbd/1.3.1/README.md
new file mode 100644
index 000000000..46223c54d
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/README.md
@@ -0,0 +1,186 @@
+# ceph-csi-rbd
+
+The ceph-csi-rbd chart adds rbd volume support to your cluster.
+
+## Install from release repo
+
+Add chart repository to install helm charts from it
+
+```console
+helm repo add ceph-csi https://ceph.github.io/csi-charts
+```
+
+## Install from local Chart
+
+we need to enter into the directory where all charts are present
+
+```console
+cd charts
+```
+
+**Note:** charts directory is present in root of the ceph-csi project
+
+### Install chart
+
+To install the Chart into your Kubernetes cluster
+
+- For helm 2.x
+
+    ```bash
+    helm install --namespace "ceph-csi-rbd" --name "ceph-csi-rbd" ceph-csi/ceph-csi-rbd
+    ```
+
+- For helm 3.x
+
+    Create the namespace where Helm should install the components with
+
+    ```bash
+    kubectl create namespace "ceph-csi-rbd"
+    ```
+
+    Run the installation
+
+    ```bash
+    helm install --namespace "ceph-csi-rbd" "ceph-csi-rbd" ceph-csi/ceph-csi-rbd
+    ```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "ceph-csi-rbd"
+```
+
+### Delete Chart
+
+If you want to delete your Chart, use this command
+
+- For helm 2.x
+
+    ```bash
+    helm delete --purge "ceph-csi-rbd"
+    ```
+
+- For helm 3.x
+
+    ```bash
+    helm uninstall "ceph-csi-rbd" --namespace "ceph-csi-rbd"
+    ```
+
+If you want to delete the namespace, use this command
+
+```bash
+kubectl delete namespace ceph-csi-rbd
+```
+
+### Configuration
+
+The following table lists the configurable parameters of the ceph-csi-cephfs
+charts and their default values.
+
+| Parameter                                      | Description                                                                                                                                          | Default                                            |
+| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `rbac.create`                                  | Specifies whether RBAC resources should be created                                                                                                   | `true`                                             |
+| `serviceAccounts.nodeplugin.create`            | Specifies whether a nodeplugin ServiceAccount should be created                                                                                      | `true`                                             |
+| `serviceAccounts.nodeplugin.name`              | The name of the nodeplugin ServiceAccount to use. If not set and create is true, a name is generated using the fullname                              | ""                                                 |
+| `serviceAccounts.provisioner.create`           | Specifies whether a provisioner ServiceAccount should be created                                                                                     | `true`                                             |
+| `serviceAccounts.provisioner.name`             | The name of the provisioner ServiceAccount to use. If not set and create is true, a name is generated using the fullname                             | ""                                                 |
+| `csiConfig`                                    | Configuration for the CSI to connect to the cluster                                                                                                  | []                                                 |
+| `csiMapping`                                   | Configuration details of clusterID,PoolID,FscID mapping                                                                                              | []                                                 |
+| `encryptionKMSConfig`                          | Configuration for the encryption KMS                                                                                                                 | `{}`                                               |
+| `logLevel`                                     | Set logging level for csi containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity.                          | `5`                                                |
+| `nodeplugin.name`                              | Specifies the nodeplugins name                                                                                                                       | `nodeplugin`                                       |
+| `nodeplugin.updateStrategy`                    | Specifies the update Strategy. If you are using ceph-fuse client set this value to OnDelete                                                          | `RollingUpdate`                                    |
+| `nodeplugin.priorityClassName`                 | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority                                    | `system-node-critical`                             |
+| `nodeplugin.profiling.enabled`                 | Specifies whether profiling should be enabled                                                                                                        | `false`                                            |
+| `nodeplugin.registrar.image.repository`        | Node Registrar image repository URL                                                                                                                  | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
+| `nodeplugin.registrar.image.tag`               | Image tag                                                                                                                                            | `v2.2.0`                                           |
+| `nodeplugin.registrar.image.pullPolicy`        | Image pull policy                                                                                                                                    | `IfNotPresent`                                     |
+| `nodeplugin.plugin.image.repository`           | Nodeplugin image repository URL                                                                                                                      | `quay.io/cephcsi/cephcsi`                          |
+| `nodeplugin.plugin.image.tag`                  | Image tag                                                                                                                                            | `canary`                                           |
+| `nodeplugin.plugin.image.pullPolicy`           | Image pull policy                                                                                                                                    | `IfNotPresent`                                     |
+| `nodeplugin.nodeSelector`                      | Kubernetes `nodeSelector` to add to the Daemonset                                                                                                    | `{}`                                               |
+| `nodeplugin.tolerations`                       | List of Kubernetes `tolerations` to add to the Daemonset                                                                                             | `{}`                                               |
+| `nodeplugin.podSecurityPolicy.enabled`         | If true, create & use [Pod Security Policy resources](https://kubernetes.io/docs/concepts/policy/pod-security-policy/).                              | `false`                                            |
+| `provisioner.name`                             | Specifies the name of provisioner                                                                                                                    | `provisioner`                                      |
+| `provisioner.replicaCount`                     | Specifies the replicaCount                                                                                                                           | `3`                                                |
+| `provisioner.defaultFSType`                    | Specifies the default Fstype                                                                                                                         | `ext4`                                             |
+| `provisioner.deployController`                 | It enables or disables the deployment of controller which generates the OMAP data if it is not present                                               | `true`                                             |
+| `provisioner.hardMaxCloneDepth`                | Hard limit for maximum number of nested volume clones that are taken before a flatten occurs                                                         | `8`                                                |
+| `provisioner.softMaxCloneDepth`                | Soft limit for maximum number of nested volume clones that are taken before a flatten occurs                                                         | `4`                                                |
+| `provisioner.maxSnapshotsOnImage`              | Maximum number of snapshots allowed on rbd image without flattening                                                                                  | `450`                                              |
+| `provisioner.minSnapshotsOnImage`              | Minimum number of snapshots allowed on rbd image to trigger flattening                                                                               | `250`                                              |
+| `provisioner.skipForceFlatten`                 | Skip image flattening if kernel support mapping of rbd images which has the deep-flatten feature                                                     | `false`                                            |
+| `provisioner.timeout`                          | GRPC timeout for waiting for creation or deletion of a volume                                                                                        | `60s`                                              |
+| `provisioner.priorityClassName`                | Set user created priorityclassName for csi provisioner pods. Default is `system-cluster-critical` which is less priority than `system-node-critical` | `system-cluster-critical`                          |
+| `provisioner.profiling.enabled`                | Specifies whether profiling should be enabled                                                                                                        | `false`                                            |
+| `provisioner.provisioner.image.repository`     | Specifies the csi-provisioner image repository URL                                                                                                   | `k8s.gcr.io/sig-storage/csi-provisioner`           |
+| `provisioner.provisioner.image.tag`            | Specifies image tag                                                                                                                                  | `v2.2.2`                                           |
+| `provisioner.provisioner.image.pullPolicy`     | Specifies pull policy                                                                                                                                | `IfNotPresent`                                     |
+| `provisioner.attacher.image.repository`        | Specifies the csi-attacher image repository URL                                                                                                      | `k8s.gcr.io/sig-storage/csi-attacher`              |
+| `provisioner.attacher.image.tag`               | Specifies image tag                                                                                                                                  | `v3.2.1`                                           |
+| `provisioner.attacher.image.pullPolicy`        | Specifies pull policy                                                                                                                                | `IfNotPresent`                                     |
+| `provisioner.attacher.name`                    | Specifies the name of csi-attacher sidecar                                                                                                           | `attacher`                                         |
+| `provisioner.attacher.enabled`                 | Specifies whether attacher sidecar is enabled                                                                                                        | `true`                                             |
+| `provisioner.resizer.image.repository`         | Specifies the csi-resizer image repository URL                                                                                                       | `k8s.gcr.io/sig-storage/csi-resizer`               |
+| `provisioner.resizer.image.tag`                | Specifies image tag                                                                                                                                  | `v1.2.0`                                           |
+| `provisioner.resizer.image.pullPolicy`         | Specifies pull policy                                                                                                                                | `IfNotPresent`                                     |
+| `provisioner.resizer.name`                     | Specifies the name of csi-resizer sidecar                                                                                                            | `resizer`                                          |
+| `provisioner.resizer.enabled`                  | Specifies whether resizer sidecar is enabled                                                                                                         | `true`                                             |
+| `provisioner.snapshotter.image.repository`     | Specifies the csi-snapshotter image repository URL                                                                                                   | `k8s.gcr.io/sig-storage/csi-snapshotter`           |
+| `provisioner.snapshotter.image.tag`            | Specifies image tag                                                                                                                                  | `v4.1.1`                                           |
+| `provisioner.snapshotter.image.pullPolicy`     | Specifies pull policy                                                                                                                                | `IfNotPresent`                                     |
+| `provisioner.nodeSelector`                     | Specifies the node selector for provisioner deployment                                                                                               | `{}`                                               |
+| `provisioner.tolerations`                      | Specifies the tolerations for provisioner deployment                                                                                                 | `{}`                                               |
+| `provisioner.affinity`                         | Specifies the affinity for provisioner deployment                                                                                                    | `{}`                                               |
+| `provisioner.podSecurityPolicy.enabled`        | Specifies whether podSecurityPolicy is enabled                                                                                                       | `false`                                            |
+| `topology.enabled`                             | Specifies whether topology based provisioning support should be exposed by CSI                                                                       | `false`                                            |
+| `topology.domainLabels`                        | DomainLabels define which node labels to use as domains for CSI nodeplugins to advertise their domains                                               | `{}`                                               |
+| `provisionerSocketFile`                        | The filename of the provisioner socket                                                                                                               | `csi-provisioner.sock`                             |
+| `pluginSocketFile`                             | The filename of the plugin socket                                                                                                                    | `csi.sock`                                         |
+| `kubeletDir`                                   | kubelet working directory                                                                                                                            | `/var/lib/kubelet`                                 |
+| `cephLogDirHostPath`                           | Host path location for ceph client processes logging, ex: rbd-nbd                                                                                    | `/var/log/ceph`                                    |
+| `driverName`                                   | Name of the csi-driver                                                                                                                               | `rbd.csi.ceph.com`                                 |
+| `configMapName`                                | Name of the configmap which contains cluster configuration                                                                                           | `ceph-csi-config`                                  |
+| `externallyManagedConfigmap`                   | Specifies the use of an externally provided configmap                                                                                                | `false`                                            |
+| `kmsConfigMapName`                             | Name of the configmap used for encryption kms configuration                                                                                          | `ceph-csi-encryption-kms-config`                   |
+| `storageClass.create`                          | Specifies whether the StorageClass should be created                                                                                                 | `false`                                            |
+| `storageClass.name`                            | Specifies the rbd StorageClass name                                                                                                                  | `csi-rbd-sc`                                       |
+| `storageClass.clusterID`                       | String representing a Ceph cluster to provision storage from                                                                                         | `<cluster-ID>`                                     |
+| `storageClass.dataPool`                        | Specifies the erasure coded pool                                                                                                                     | `""`                                               |
+| `storageClass.pool`                            | Ceph pool into which the RBD image shall be created                                                                                                  | `replicapool`                                      |
+| `storageClass.thickProvision`                  | Specifies whether thick provision should be enabled                                                                                                  | `false`                                            |
+| `storageclass.imageFeatures`                   | Specifies RBD image features                                                                                                                         | `layering`                                         |
+| `storageClass.mounter`                         | Specifies RBD mounter                                                                                                                                | `""`                                               |
+| `storageClass.cephLogDir`                      | ceph client log location, it is the target bindmount path used inside container                                                                      | `"/var/log/ceph"`                                  |
+| `storageClass.cephLogStrategy`                 | ceph client log strategy, available options `remove` or `compress` or `preserve`                                                                     | `"remove"`                                         |
+| `storageClass.volumeNamePrefix`                | Prefix to use for naming RBD images                                                                                                                  | `""`                                               |
+| `storageClass.encrypted`                       | Specifies whether volume should be encrypted. Set it to true if you want to enable encryption                                                        | `""`                                               |
+| `storageClass.encryptionKMSID`                 | Specifies the encryption kms id                                                                                                                      | `""`                                               |
+| `storageClass.topologyConstrainedPools`        | Add topology constrained pools configuration, if topology based pools are setup, and topology constrained provisioning is required                   | `[]`                                               |
+| `storageClass.mapOptions`                      | Specifies comma-separated list of map options                                                                                                        | `""`                                               |
+| `storageClass.unmapOtpions`                    | Specifies comma-separated list of unmap options                                                                                                      | `""`                                               |
+| `storageClass.provisionerSecret`               | The secrets have to contain user and/or Ceph admin credentials.                                                                                      | `csi-rbd-secret`                                   |
+| `storageClass.provisionerSecretNamespace`      | Specifies the provisioner secret namespace                                                                                                           | `""`                                               |
+| `storageClass.controllerExpandSecret`          | Specifies the controller expand secret name                                                                                                          | `csi-rbd-secret`                                   |
+| `storageClass.controllerExpandSecretNamespace` | Specifies the controller expand secret namespace                                                                                                     | `""`                                               |
+| `storageClass.nodeStageSecret`                 | Specifies the node stage secret name                                                                                                                 | `csi-rbd-secret`                                   |
+| `storageClass.nodeStageSecretNamespace`        | Specifies the node stage secret namespace                                                                                                            | `""`                                               |
+| `storageClass.fstype`                          | Specify the filesystem type of the volume                                                                                                            | `ext4`                                             |
+| `storageClass.reclaimPolicy`                   | Specifies the reclaim policy of the StorageClass                                                                                                     | `Delete`                                           |
+| `storageClass.allowVolumeExpansion`            | Specifies whether volume expansion should be allowed                                                                                                 | `true`                                             |
+| `storageClass.mountOptions`                    | Specifies the mount options for storageClass                                                                                                         | `[]`                                               |
+| `secret.create`                                | Specifies whether the secret should be created                                                                                                       | `false`                                            |
+| `secret.name`                                  | Specifies the rbd secret name                                                                                                                        | `csi-rbd-secret`                                   |
+| `secret.userID`                                | Specifies the user ID of the rbd secret                                                                                                              | `<plaintext ID>`                                   |
+| `secret.userKey`                               | Specifies the key that corresponds to the userID                                                                                                     | `<Ceph auth key corresponding to ID above>`        |
+| `secret.encryptionPassphrase`                  | Specifies the encryption passphrase of the secret                                                                                                    | `test_passphrase`                                  |
+
+### Command Line
+
+You can pass the settings with helm command line parameters.
+Specify each parameter using the --set key=value argument to helm install.
+For Example:
+
+```bash
+helm install --set configMapName=ceph-csi-config --set provisioner.podSecurityPolicy.enabled=true
+```
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/app-readme.md b/charts/softiron/ceph-csi-rbd/1.3.1/app-readme.md
new file mode 100644
index 000000000..206ab3ae6
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/app-readme.md
@@ -0,0 +1,5 @@
+# SoftIron Ceph CSI RBD Driver
+
+This Chart is the RBD Plugin for Kubernetes, based off the ceph-csi-rbd project, for integrating SoftIron HyperDrive RBD with Kubernetes clusters.
+
+Variable names can be found in the main README.
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/NOTES.txt b/charts/softiron/ceph-csi-rbd/1.3.1/templates/NOTES.txt
new file mode 100644
index 000000000..47e90f707
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/NOTES.txt
@@ -0,0 +1,2 @@
+Examples on how to configure a storage class and start using the driver are here:
+https://github.com/ceph/ceph-csi/tree/devel/examples/rbd
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/_helpers.tpl b/charts/softiron/ceph-csi-rbd/1.3.1/templates/_helpers.tpl
new file mode 100644
index 000000000..0a2613d63
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/_helpers.tpl
@@ -0,0 +1,90 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ceph-csi-rbd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-rbd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-rbd.nodeplugin.fullname" -}}
+{{- if .Values.nodeplugin.fullnameOverride -}}
+{{- .Values.nodeplugin.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-rbd.provisioner.fullname" -}}
+{{- if .Values.provisioner.fullnameOverride -}}
+{{- .Values.provisioner.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ceph-csi-rbd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-rbd.serviceAccountName.nodeplugin" -}}
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+    {{ default (include "ceph-csi-rbd.nodeplugin.fullname" .) .Values.serviceAccounts.nodeplugin.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccounts.nodeplugin.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-rbd.serviceAccountName.provisioner" -}}
+{{- if .Values.serviceAccounts.provisioner.create -}}
+    {{ default (include "ceph-csi-rbd.provisioner.fullname" .) .Values.serviceAccounts.provisioner.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccounts.provisioner.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/ceph-conf.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/ceph-conf.yaml
new file mode 100644
index 000000000..a9a6f0026
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/ceph-conf.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ceph-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  ceph.conf: |
+{{ tpl .Values.cephconf . | indent 4 }}
+  keyring: ""
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/csidriver-crd.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/csidriver-crd.yaml
new file mode 100644
index 000000000..92c3d916a
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/csidriver-crd.yaml
@@ -0,0 +1,11 @@
+{{ if semverCompare ">=1.18.0-beta.1" .Capabilities.KubeVersion.Version }}
+apiVersion: storage.k8s.io/v1
+{{ else }}
+apiVersion: storage.k8s.io/v1beta1
+{{ end }}
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driverName }}
+spec:
+  attachRequired: true
+  podInfoOnMount: false
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/csiplugin-configmap.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/csiplugin-configmap.yaml
new file mode 100644
index 000000000..3cec53e6e
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/csiplugin-configmap.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.externallyManagedConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.configMapName | quote }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  config.json: |-
+{{ toJson .Values.csiConfig | indent 4 -}}
+  cluster-mapping.json: |-
+{{ toJson .Values.csiMapping | indent 4 -}}
+{{- end }}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/encryptionkms-configmap.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/encryptionkms-configmap.yaml
new file mode 100644
index 000000000..47b7d093d
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/encryptionkms-configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.kmsConfigMapName | quote }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  config.json: |-
+{{ toJson .Values.encryptionKMSConfig | indent 4 -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrole.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrole.yaml
new file mode 100644
index 000000000..93ec30ed6
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrole.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+{{- if .Values.topology.enabled }}
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get"]
+{{- end }}
+  # allow to read Vault Token and connection options from the Tenants namespace
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["list", "get"]
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrolebinding.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrolebinding.yaml
new file mode 100644
index 000000000..fdc79be4a
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-daemonset.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-daemonset.yaml
new file mode 100644
index 000000000..1ccc49d08
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-daemonset.yaml
@@ -0,0 +1,224 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "ceph-csi-rbd.name" . }}
+      component: {{ .Values.nodeplugin.name }}
+      release: {{ .Release.Name }}
+  updateStrategy:
+    type: {{ .Values.nodeplugin.updateStrategy }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "ceph-csi-rbd.name" . }}
+        chart: {{ include "ceph-csi-rbd.chart" . }}
+        component: {{ .Values.nodeplugin.name }}
+        release: {{ .Release.Name }}
+        heritage: {{ .Release.Service }}
+    spec:
+      serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+      hostNetwork: true
+      hostPID: true
+{{- if .Values.nodeplugin.priorityClassName }}
+      priorityClassName: {{ .Values.nodeplugin.priorityClassName }}
+{{- end }}
+      # to use e.g. Rook orchestrated cluster, and mons' FQDN is
+      # resolved through k8s service, set dns policy to cluster first
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+        - name: driver-registrar
+          # This is necessary only for systems with SELinux, where
+          # non-privileged sidecar containers cannot access unix domain socket
+          # created by privileged CSI driver container.
+          securityContext:
+            privileged: true
+          image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
+          args:
+            - "--v={{ .Values.logLevel }}"
+            - "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
+            - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
+          env:
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources:
+{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
+        - name: csi-rbdplugin
+          image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+          args:
+            - "--nodeid=$(NODE_ID)"
+            - "--pluginpath={{ .Values.kubeletDir }}/plugins"
+            - "--stagingpath={{ .Values.kubeletDir }}/plugins/kubernetes.io/csi/pv/"
+            - "--type=rbd"
+            - "--nodeserver=true"
+            - "--pidlimit=-1"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--v={{ .Values.logLevel }}"
+            - "--drivername=$(DRIVER_NAME)"
+{{- if .Values.topology.enabled }}
+            - "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
+{{- end }}
+{{- if .Values.nodeplugin.profiling.enabled }}
+            - "--enableprofiling={{ .Values.nodeplugin.profiling.enabled }}"
+{{- end }}
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: DRIVER_NAME
+              value: {{ .Values.driverName }}
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: "unix:///csi/{{ .Values.pluginSocketFile }}"
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["SYS_ADMIN"]
+            allowPrivilegeEscalation: true
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - mountPath: /dev
+              name: host-dev
+            - mountPath: /run/mount
+              name: host-mount
+            - mountPath: /sys
+              name: host-sys
+            - mountPath: /etc/selinux
+              name: etc-selinux
+              readOnly: true
+            - mountPath: /lib/modules
+              name: lib-modules
+              readOnly: true
+            - name: ceph-csi-config
+              mountPath: /etc/ceph-csi-config/
+            - name: ceph-config
+              mountPath: /etc/ceph/
+            - name: ceph-csi-encryption-kms-config
+              mountPath: /etc/ceph-csi-encryption-kms-config/
+            - name: plugin-dir
+              mountPath: {{ .Values.kubeletDir }}/plugins
+              mountPropagation: "Bidirectional"
+            - name: mountpoint-dir
+              mountPath: {{ .Values.kubeletDir }}/pods
+              mountPropagation: "Bidirectional"
+            - name: keys-tmp-dir
+              mountPath: /tmp/csi/keys
+            - name: ceph-logdir
+              mountPath: /var/log/ceph
+          resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- if .Values.nodeplugin.httpMetrics.enabled }}
+        - name: liveness-prometheus
+          securityContext:
+            privileged: true
+          image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+          args:
+            - "--type=liveness"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metricsport={{ .Values.nodeplugin.httpMetrics.containerPort }}"
+            - "--metricspath=/metrics"
+            - "--polltime=60s"
+            - "--timeout=3s"
+          env:
+            - name: CSI_ENDPOINT
+              value: "unix:///csi/{{ .Values.pluginSocketFile }}"
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+      volumes:
+        - name: socket-dir
+          hostPath:
+            path: "{{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}"
+            type: DirectoryOrCreate
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.kubeletDir }}/plugins_registry
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.kubeletDir }}/plugins
+            type: Directory
+        - name: mountpoint-dir
+          hostPath:
+            path: {{ .Values.kubeletDir }}/pods
+            type: DirectoryOrCreate
+        - name: ceph-logdir
+          hostPath:
+            path: {{ .Values.cephLogDirHostPath }}
+            type: DirectoryOrCreate
+        - name: host-dev
+          hostPath:
+            path: /dev
+        - name: host-mount
+          hostPath:
+            path: /run/mount
+        - name: host-sys
+          hostPath:
+            path: /sys
+        - name: etc-selinux
+          hostPath:
+            path: /etc/selinux
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
+        - name: ceph-config
+          configMap:
+            name: ceph-config
+        - name: ceph-csi-config
+          configMap:
+            name: {{ .Values.configMapName | quote }}
+{{- if .Values.configMapKey }}
+            items:
+              - key: {{ .Values.configMapKey | quote }}
+                path: config.json
+{{- end }}
+        - name: ceph-csi-encryption-kms-config
+          configMap:
+            name: {{ .Values.kmsConfigMapName | quote }}
+        - name: keys-tmp-dir
+          emptyDir: {
+            medium: "Memory"
+          }
+{{- if .Values.nodeplugin.affinity }}
+      affinity:
+{{ toYaml .Values.nodeplugin.affinity | indent 8 -}}
+{{- end -}}
+{{- if .Values.nodeplugin.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeplugin.nodeSelector | indent 8 -}}
+{{- end -}}
+{{- if .Values.nodeplugin.tolerations }}
+      tolerations:
+{{ toYaml .Values.nodeplugin.tolerations | indent 8 -}}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-http-service.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-http-service.yaml
new file mode 100644
index 000000000..68a3942e8
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-http-service.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.nodeplugin.httpMetrics.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.nodeplugin.httpMetrics.service.annotations }}
+  annotations:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.annotations | indent 4 }}
+{{- end }}
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}-http-metrics
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.fullname" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.nodeplugin.httpMetrics.service.clusterIP }}
+  clusterIP: "{{ .Values.nodeplugin.httpMetrics.service.clusterIP }}"
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.loadBalancerIP }}
+  loadBalancerIP: "{{ .Values.nodeplugin.httpMetrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+  ports:
+    - name: http-metrics
+      port: {{ .Values.nodeplugin.httpMetrics.service.servicePort }}
+      targetPort: {{ .Values.nodeplugin.httpMetrics.containerPort }}
+  selector:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+  type: "{{ .Values.nodeplugin.httpMetrics.service.type }}"
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-psp.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-psp.yaml
new file mode 100644
index 000000000..e4c01cd80
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-psp.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.nodeplugin.podSecurityPolicy.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+    - 'SYS_ADMIN'
+  fsGroup:
+    rule: RunAsAny
+  privileged: true
+  hostNetwork: true
+  hostPID: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'hostPath'
+  allowedHostPaths:
+    - pathPrefix: '/dev'
+      readOnly: false
+    - pathPrefix: '/run/mount'
+      readOnly: false
+    - pathPrefix: '/sys'
+      readOnly: false
+    - pathPrefix: '/etc/selinux'
+      readOnly: true
+    - pathPrefix: '/lib/modules'
+      readOnly: true
+    - pathPrefix: '{{ .Values.cephLogDirHostPath }}'
+      readOnly: false
+    - pathPrefix: '{{ .Values.kubeletDir }}'
+      readOnly: false
+{{- end }}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-role.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-role.yaml
new file mode 100644
index 000000000..d9d5a0e7b
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-role.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.rbac.create .Values.nodeplugin.podSecurityPolicy.enabled -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs: ['use']
+    resourceNames: ['{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}']
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-rolebinding.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-rolebinding.yaml
new file mode 100644
index 000000000..f4cce98af
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.rbac.create .Values.nodeplugin.podSecurityPolicy.enabled -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-serviceaccount.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-serviceaccount.yaml
new file mode 100644
index 000000000..36e1ee745
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/nodeplugin-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrole.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrole.yaml
new file mode 100644
index 000000000..032705753
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrole.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "create", "update"]
+{{- if .Values.provisioner.attacher.enabled }}
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["patch"]
+{{- end }}
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["get"]
+{{- if .Values.provisioner.resizer.enabled }}
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+{{- end }}
+{{- if .Values.topology.enabled }}
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list","watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+{{- end }}
+
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrolebinding.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrolebinding.yaml
new file mode 100644
index 000000000..5a086103a
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-deployment.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-deployment.yaml
new file mode 100644
index 000000000..5c20f545b
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-deployment.yaml
@@ -0,0 +1,278 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.provisioner.replicaCount }}
+  strategy:
+    type: {{ .Values.provisioner.strategy.type }}
+{{- if eq .Values.provisioner.strategy.type "RollingUpdate" }}
+    rollingUpdate:
+      maxUnavailable: {{ .Values.provisioner.strategy.rollingUpdate.maxUnavailable }}
+{{- end }}
+  selector:
+    matchLabels:
+      app: {{ include "ceph-csi-rbd.name" . }}
+      component: {{ .Values.provisioner.name }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "ceph-csi-rbd.name" . }}
+        chart: {{ include "ceph-csi-rbd.chart" . }}
+        component: {{ .Values.provisioner.name }}
+        release: {{ .Release.Name }}
+        heritage: {{ .Release.Service }}
+    spec:
+{{- if gt (int .Values.provisioner.replicaCount) 1 }}
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                      - {{ include "ceph-csi-rbd.name" . }}
+                  - key: component
+                    operator: In
+                    values:
+                      - {{ .Values.provisioner.name }}
+              topologyKey: "kubernetes.io/hostname"
+{{- end }}
+      serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+{{- if .Values.provisioner.priorityClassName }}
+      priorityClassName: {{ .Values.provisioner.priorityClassName }}
+{{- end }}
+      containers:
+        - name: csi-provisioner
+          image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}"
+          imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }}
+          args:
+            - "--csi-address=$(ADDRESS)"
+            - "--v={{ .Values.logLevel }}"
+            - "--timeout={{ .Values.provisioner.timeout }}"
+            - "--leader-election=true"
+            - "--retry-interval-start=500ms"
+            - "--default-fstype={{ .Values.provisioner.defaultFSType }}"
+            - "--extra-create-metadata=true"
+{{- if .Values.topology.enabled }}
+            - "--feature-gates=Topology=true"
+{{- end }}
+          env:
+            - name: ADDRESS
+              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+{{ toYaml .Values.provisioner.provisioner.resources | indent 12 }}
+{{- if .Values.provisioner.resizer.enabled }}
+        - name: csi-resizer
+          image: "{{ .Values.provisioner.resizer.image.repository }}:{{ .Values.provisioner.resizer.image.tag }}"
+          imagePullPolicy: {{ .Values.provisioner.resizer.image.pullPolicy }}
+          args:
+            - "--v={{ .Values.logLevel }}"
+            - "--csi-address=$(ADDRESS)"
+            - "--timeout={{ .Values.provisioner.timeout }}"
+            - "--leader-election"
+            - "--retry-interval-start=500ms"
+            - "--handle-volume-inuse-error=false"
+          env:
+            - name: ADDRESS
+              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+{{ toYaml .Values.provisioner.resizer.resources | indent 12 }}
+{{- end }}
+        - name: csi-snapshotter
+          image: {{ .Values.provisioner.snapshotter.image.repository }}:{{ .Values.provisioner.snapshotter.image.tag }}
+          imagePullPolicy: {{ .Values.provisioner.snapshotter.image.pullPolicy }}
+          args:
+            - "--csi-address=$(ADDRESS)"
+            - "--v={{ .Values.logLevel }}"
+            - "--timeout={{ .Values.provisioner.timeout }}"
+            - "--leader-election=true"
+          env:
+            - name: ADDRESS
+              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+{{ toYaml .Values.provisioner.snapshotter.resources | indent 12 }}
+{{- if .Values.provisioner.attacher.enabled }}
+        - name: csi-attacher
+          image: "{{ .Values.provisioner.attacher.image.repository }}:{{ .Values.provisioner.attacher.image.tag }}"
+          imagePullPolicy: {{ .Values.provisioner.attacher.image.pullPolicy }}
+          args:
+            - "--v={{ .Values.logLevel }}"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election=true"
+            - "--retry-interval-start=500ms"
+          env:
+            - name: ADDRESS
+              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+{{ toYaml .Values.provisioner.attacher.resources | indent 12 }}
+{{- end }}
+        - name: csi-rbdplugin
+          image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+          args:
+            - "--nodeid=$(NODE_ID)"
+            - "--type=rbd"
+            - "--controllerserver=true"
+            - "--pidlimit=-1"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--v={{ .Values.logLevel }}"
+            - "--drivername=$(DRIVER_NAME)"
+            - "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}"
+            - "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}"
+            - "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}"
+            - "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}"
+            {{- if .Values.provisioner.skipForceFlatten }}
+            - "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}"
+            {{- end }}
+            {{- if .Values.provisioner.profiling.enabled }}
+            - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}"
+            {{- end }}
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: DRIVER_NAME
+              value: {{ .Values.driverName }}
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - mountPath: /dev
+              name: host-dev
+            - mountPath: /sys
+              name: host-sys
+            - mountPath: /lib/modules
+              name: lib-modules
+              readOnly: true
+            - name: ceph-csi-config
+              mountPath: /etc/ceph-csi-config/
+            - name: ceph-config
+              mountPath: /etc/ceph/
+            - name: ceph-csi-encryption-kms-config
+              mountPath: /etc/ceph-csi-encryption-kms-config/
+            - name: keys-tmp-dir
+              mountPath: /tmp/csi/keys
+          resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- if .Values.provisioner.deployController }}
+        - name: csi-rbdplugin-controller
+          image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+          args:
+            - "--type=controller"
+            - "--v={{ .Values.logLevel }}"
+            - "--drivername=$(DRIVER_NAME)"
+            - "--drivernamespace=$(DRIVER_NAMESPACE)"
+          env:
+            - name: DRIVER_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: DRIVER_NAME
+              value: {{ .Values.driverName }}
+          volumeMounts:
+            - name: ceph-csi-config
+              mountPath: /etc/ceph-csi-config/
+            - name: keys-tmp-dir
+              mountPath: /tmp/csi/keys
+            - name: ceph-config
+              mountPath: /etc/ceph/
+          resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.enabled }}
+        - name: liveness-prometheus
+          image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+          args:
+            - "--type=liveness"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metricsport={{ .Values.provisioner.httpMetrics.containerPort }}"
+            - "--metricspath=/metrics"
+            - "--polltime=60s"
+            - "--timeout=3s"
+          env:
+            - name: CSI_ENDPOINT
+              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {
+            medium: "Memory"
+          }
+        - name: host-dev
+          hostPath:
+            path: /dev
+        - name: host-sys
+          hostPath:
+            path: /sys
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
+        - name: ceph-config
+          configMap:
+            name: ceph-config
+        - name: ceph-csi-config
+          configMap:
+            name: {{ .Values.configMapName | quote }}
+{{- if .Values.configMapKey }}
+            items:
+              - key: {{ .Values.configMapKey | quote }}
+                path: config.json
+{{- end }}
+        - name: ceph-csi-encryption-kms-config
+          configMap:
+            name: {{ .Values.kmsConfigMapName | quote }}
+        - name: keys-tmp-dir
+          emptyDir: {
+            medium: "Memory"
+          }
+{{- if .Values.provisioner.affinity }}
+      affinity:
+{{ toYaml .Values.provisioner.affinity | indent 8 -}}
+{{- end -}}
+{{- if .Values.provisioner.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.provisioner.nodeSelector | indent 8 -}}
+{{- end -}}
+{{- if .Values.provisioner.tolerations }}
+      tolerations:
+{{ toYaml .Values.provisioner.tolerations | indent 8 -}}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-http-service.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-http-service.yaml
new file mode 100644
index 000000000..0d4c925ec
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-http-service.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.provisioner.httpMetrics.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.provisioner.httpMetrics.service.annotations }}
+  annotations:
+{{ toYaml .Values.provisioner.httpMetrics.service.annotations | indent 4 }}
+{{- end }}
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}-http-metrics
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.fullname" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.provisioner.httpMetrics.service.clusterIP }}
+  clusterIP: "{{ .Values.provisioner.httpMetrics.service.clusterIP }}"
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.provisioner.httpMetrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.loadBalancerIP }}
+  loadBalancerIP: "{{ .Values.provisioner.httpMetrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.provisioner.httpMetrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+  ports:
+    - name: http-metrics
+      port: {{ .Values.provisioner.httpMetrics.service.servicePort }}
+      targetPort: {{ .Values.provisioner.httpMetrics.containerPort }}
+  selector:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+  type: "{{ .Values.provisioner.httpMetrics.service.type }}"
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-psp.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-psp.yaml
new file mode 100644
index 000000000..111226e14
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-psp.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.provisioner.podSecurityPolicy.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  fsGroup:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'hostPath'
+  allowedHostPaths:
+    - pathPrefix: '/dev'
+      readOnly: false
+    - pathPrefix: '/sys'
+      readOnly: false
+    - pathPrefix: '/lib/modules'
+      readOnly: true
+{{- end }}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-role.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-role.yaml
new file mode 100644
index 000000000..ae16fde62
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-role.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.rbac.create -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch", "create","update", "delete"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+{{- if .Values.provisioner.podSecurityPolicy.enabled }}
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs: ['use']
+    resourceNames: ['{{ include "ceph-csi-rbd.provisioner.fullname" . }}']
+{{- end -}}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-rolebinding.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-rolebinding.yaml
new file mode 100644
index 000000000..23fa39fed
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-serviceaccount.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-serviceaccount.yaml
new file mode 100644
index 000000000..893b43a9c
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/provisioner-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccounts.provisioner.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/secret.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/secret.yaml
new file mode 100644
index 000000000..1553ceec7
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secret.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+stringData:
+  userID: {{ .Values.secret.userID }}
+  userKey: {{ .Values.secret.userKey }}
+
+  encryptionPassphrase: {{ .Values.secret.encryptionPassphrase }}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/templates/storageclass.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/templates/storageclass.yaml
new file mode 100644
index 000000000..88d12c1a4
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/templates/storageclass.yaml
@@ -0,0 +1,76 @@
+{{- if .Values.storageClass.create -}}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+   name: {{ .Values.storageClass.name }}
+   namespace: {{ .Release.Namespace }}
+   labels:
+     app: {{ include "ceph-csi-rbd.name" . }}
+     chart: {{ include "ceph-csi-rbd.chart" . }}
+     release: {{ .Release.Name }}
+     heritage: {{ .Release.Service }}
+provisioner: {{ .Values.driverName }}
+parameters:
+  clusterID: {{ .Values.storageClass.clusterID }}
+  pool: {{ .Values.storageClass.pool }}
+  imageFeatures: {{ .Values.storageClass.imageFeatures }}
+  thickProvision: {{ .Values.storageClass.thickProvision | quote}}
+{{- if .Values.storageClass.mounter }}
+  mounter: {{ .Values.storageClass.mounter }}
+{{- end }}
+{{- if .Values.storageClass.cephLogDir }}
+  cephLogDir: {{ .Values.storageClass.cephLogDir }}
+{{- end }}
+{{- if .Values.storageClass.cephLogStrategy }}
+  cephLogStrategy: {{ .Values.storageClass.cephLogStrategy }}
+{{- end }}
+{{- if .Values.storageClass.dataPool }}
+  dataPool: {{ .Values.storageClass.dataPool }}
+{{- end }}
+{{- if .Values.storageClass.volumeNamePrefix }}
+  volumeNamePrefix: "{{ .Values.storageClass.volumeNamePrefix }}"
+{{- end }}
+{{- if .Values.storageClass.encrypted }}
+  encrypted: "{{ .Values.storageClass.encrypted }}"
+{{- end }}
+{{- if .Values.storageClass.encryptionKMSID }}
+  encryptionKMSID: {{ .Values.storageClass.encryptionKMSID }}
+{{- end }}
+{{- if .Values.storageClass.topologyConstrainedPools }}
+  topologyConstrainedPools:
+  {{ toYaml .Values.storageClass.topologyConstrainedPools | indent 4 -}}
+{{- end }}
+{{- if .Values.storageClass.mapOptions }}
+  mapOptions: {{ .Values.storageClass.mapOptions }}
+{{- end }}
+{{- if .Values.storageClass.unmapOptions }}
+  unmapOptions: {{ .Values.storageClass.unmapOptions }}
+{{- end }}
+  csi.storage.k8s.io/provisioner-secret-name: {{ .Values.storageClass.provisionerSecret }}
+{{- if .Values.storageClass.provisionerSecretNamespace }}
+  csi.storage.k8s.io/provisioner-secret-namespace: {{ .Values.storageClass.provisionerSecretNamespace }}
+{{ else }}
+  csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }}
+{{- end }}
+  csi.storage.k8s.io/controller-expand-secret-name: {{ .Values.storageClass.controllerExpandSecret }}
+{{- if .Values.storageClass.controllerExpandSecretNamespace }}
+  csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Values.storageClass.controllerExpandSecretNamespace }}
+{{ else }}
+  csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Release.Namespace }}
+{{- end }}
+  csi.storage.k8s.io/node-stage-secret-name: {{ .Values.storageClass.nodeStageSecret }}
+{{- if .Values.storageClass.nodeStageSecretNamespace }}
+  csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.storageClass.nodeStageSecretNamespace }}
+{{ else }}
+  csi.storage.k8s.io/node-stage-secret-namespace: {{ .Release.Namespace }}
+{{- end }}
+  csi.storage.k8s.io/fstype: {{ .Values.storageClass.fstype }}
+reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
+allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
+{{- if .Values.storageClass.mountOptions }}
+mountOptions:
+  {{- range .Values.storageClass.mountOptions }}
+  - {{ . }}
+  {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/softiron/ceph-csi-rbd/1.3.1/values.yaml b/charts/softiron/ceph-csi-rbd/1.3.1/values.yaml
new file mode 100644
index 000000000..655fce1aa
--- /dev/null
+++ b/charts/softiron/ceph-csi-rbd/1.3.1/values.yaml
@@ -0,0 +1,432 @@
+---
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: true
+
+serviceAccounts:
+  nodeplugin:
+    # Specifies whether a ServiceAccount should be created
+    create: true
+    # The name of the ServiceAccount to use.
+    # If not set and create is true, a name is generated using the fullname
+    name:
+  provisioner:
+    # Specifies whether a ServiceAccount should be created
+    create: true
+    # The name of the ServiceAccount to use.
+    # If not set and create is true, a name is generated using the fullname
+    name:
+
+# Configuration for the CSI to connect to the cluster
+# Ref: https://github.com/ceph/ceph-csi/blob/devel/examples/README.md
+# Example:
+# csiConfig:
+#   - clusterID: "<cluster-id>"
+#     monitors:
+#       - "<MONValue1>"
+#       - "<MONValue2>"
+csiConfig: []
+
+# Configuration details of clusterID,PoolID and FscID mapping
+# csiMapping:
+#  - clusterIDMapping:
+#     clusterID on site1: clusterID on site2
+#    RBDPoolIDMapping:
+#    - poolID on site1: poolID on site2
+#    CephFSFscIDMapping:
+#    - CephFS FscID on site1: CephFS FscID on site2
+csiMapping: []
+
+# Configuration for the encryption KMS
+# Ref: https://github.com/ceph/ceph-csi/blob/devel/docs/deploy-rbd.md
+# Example:
+# encryptionKMSConfig:
+#   vault-unique-id-1:
+#     encryptionKMSType: vault
+#     vaultAddress: https://vault.example.com
+#     vaultAuthPath: /v1/auth/kubernetes/login
+#     vaultRole: csi-kubernetes
+#     vaultPassphraseRoot: /v1/secret
+#     vaultPassphrasePath: ceph-csi/
+#     vaultCAVerify: "false"
+encryptionKMSConfig: {}
+
+# Set logging level for csi containers.
+# Supported values from 0 to 5. 0 for general useful logs,
+# 5 for trace level verbosity.
+logLevel: 5
+
+nodeplugin:
+  name: nodeplugin
+  # set user created priorityclassName for csi plugin pods. default is
+  # system-node-critical which is high priority
+  priorityClassName: system-node-critical
+  # if you are using rbd-nbd client set this value to OnDelete
+  updateStrategy: RollingUpdate
+
+  httpMetrics:
+    # Metrics only available for cephcsi/cephcsi => 1.2.0
+    # Specifies whether http metrics should be exposed
+    enabled: true
+    # The port of the container to expose the metrics
+    containerPort: 8080
+
+    service:
+      # Specifies whether a service should be created for the metrics
+      enabled: true
+      # The port to use for the service
+      servicePort: 8080
+      type: ClusterIP
+
+      # Annotations for the service
+      # Example:
+      # annotations:
+      #   prometheus.io/scrape: "true"
+      #   prometheus.io/port: "8080"
+      annotations: {}
+
+      clusterIP: ""
+
+      ## List of IP addresses at which the stats-exporter service is available
+      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+      ##
+      externalIPs: []
+
+      loadBalancerIP: ""
+      loadBalancerSourceRanges: []
+
+  profiling:
+    # enable profiling to check for memory leaks
+    enabled: false
+
+  registrar:
+    image:
+      repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+      tag: v2.3.0
+      pullPolicy: IfNotPresent
+    resources: {}
+
+  plugin:
+    image:
+      repository: quay.io/cephcsi/cephcsi
+      tag: canary
+      pullPolicy: IfNotPresent
+    resources: {}
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  # If true, create & use Pod Security Policy resources
+  # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+  podSecurityPolicy:
+    enabled: false
+
+provisioner:
+  name: provisioner
+  replicaCount: 3
+  strategy:
+    # RollingUpdate strategy replaces old pods with new ones gradually,
+    # without incurring downtime.
+    type: RollingUpdate
+    rollingUpdate:
+      # maxUnavailable is the maximum number of pods that can be
+      # unavailable during the update process.
+      maxUnavailable: 50%
+  # if fstype is not specified in storageclass, ext4 is default
+  defaultFSType: ext4
+  # deployController to enable or disable the deployment of controller which
+  # generates the OMAP data if its not Present.
+  deployController: true
+  # Timeout for waiting for creation or deletion of a volume
+  timeout: 60s
+  # Hard limit for maximum number of nested volume clones that are taken before
+  # a flatten occurs
+  hardMaxCloneDepth: 8
+  # Soft limit for maximum number of nested volume clones that are taken before
+  # a flatten occurs
+  softMaxCloneDepth: 4
+  # Maximum number of snapshots allowed on rbd image without flattening
+  maxSnapshotsOnImage: 450
+  # Minimum number of snapshots allowed on rbd image to trigger flattening
+  minSnapshotsOnImage: 250
+  # skip image flattening if kernel support mapping of rbd images
+  # which has the deep-flatten feature
+  # skipForceFlatten: false
+
+  # set user created priorityclassName for csi provisioner pods. default is
+  # system-cluster-critical which is less priority than system-node-critical
+  priorityClassName: system-cluster-critical
+
+  httpMetrics:
+    # Metrics only available for cephcsi/cephcsi => 1.2.0
+    # Specifies whether http metrics should be exposed
+    enabled: true
+    # The port of the container to expose the metrics
+    containerPort: 8080
+
+    service:
+      # Specifies whether a service should be created for the metrics
+      enabled: true
+      # The port to use for the service
+      servicePort: 8080
+      type: ClusterIP
+
+      # Annotations for the service
+      # Example:
+      # annotations:
+      #   prometheus.io/scrape: "true"
+      #   prometheus.io/port: "8080"
+      annotations: {}
+
+      clusterIP: ""
+
+      ## List of IP addresses at which the stats-exporter service is available
+      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+      ##
+      externalIPs: []
+
+      loadBalancerIP: ""
+      loadBalancerSourceRanges: []
+
+  profiling:
+    # enable profiling to check for memory leaks
+    enabled: false
+
+  provisioner:
+    image:
+      repository: k8s.gcr.io/sig-storage/csi-provisioner
+      tag: v3.0.0
+      pullPolicy: IfNotPresent
+    resources: {}
+
+  attacher:
+    name: attacher
+    enabled: true
+    image:
+      repository: k8s.gcr.io/sig-storage/csi-attacher
+      tag: v3.3.0
+      pullPolicy: IfNotPresent
+    resources: {}
+
+  resizer:
+    name: resizer
+    enabled: true
+    image:
+      repository: k8s.gcr.io/sig-storage/csi-resizer
+      tag: v1.3.0
+      pullPolicy: IfNotPresent
+    resources: {}
+
+  snapshotter:
+    image:
+      repository: k8s.gcr.io/sig-storage/csi-snapshotter
+      tag: v4.2.0
+      pullPolicy: IfNotPresent
+    resources: {}
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  # If true, create & use Pod Security Policy resources
+  # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+  podSecurityPolicy:
+    enabled: false
+
+topology:
+  # Specifies whether topology based provisioning support should
+  # be exposed by CSI
+  enabled: false
+  # domainLabels define which node labels to use as domains
+  # for CSI nodeplugins to advertise their domains
+  # NOTE: the value here serves as an example and needs to be
+  # updated with node labels that define domains of interest
+  domainLabels:
+    - failure-domain/region
+    - failure-domain/zone
+
+storageClass:
+  # Specifies whether the storageclass should be created
+  create: false
+  name: csi-rbd-sc
+  # (required) String representing a Ceph cluster to provision storage from.
+  # Should be unique across all Ceph clusters in use for provisioning,
+  # cannot be greater than 36 bytes in length, and should remain immutable for
+  # the lifetime of the StorageClass in use.
+  clusterID: <cluster-ID>
+
+  # (optional) If you want to use erasure coded pool with RBD, you need to
+  # create two pools. one erasure coded and one replicated.
+  # You need to specify the replicated pool here in the `pool` parameter, it is
+  # used for the metadata of the images.
+  # The erasure coded pool must be set as the `dataPool` parameter below.
+  # dataPool: <ec-data-pool>
+  dataPool: ""
+
+  # (required) Ceph pool into which the RBD image shall be created
+  # eg: pool: replicapool
+  pool: replicapool
+
+  # Set thickProvision to true if you want RBD images to be fully allocated on
+  # creation (thin provisioning is the default).
+  thickProvision: false
+
+  # (required) RBD image features, CSI creates image with image-format 2
+  # CSI RBD currently supports `layering`, `journaling`, `exclusive-lock`
+  # features. If `journaling` is enabled, must enable `exclusive-lock` too.
+  # imageFeatures: layering,journaling,exclusive-lock
+  imageFeatures: layering
+
+  # (optional) uncomment the following to use rbd-nbd as mounter
+  # on supported nodes
+  # mounter: rbd-nbd
+  mounter: ""
+
+  # (optional) ceph client log location, eg: rbd-nbd
+  # By default host-path /var/log/ceph of node is bind-mounted into
+  # csi-rbdplugin pod at /var/log/ceph mount path. This is to configure
+  # target bindmount path used inside container for ceph clients logging.
+  # See docs/rbd-nbd.md for available configuration options.
+  # cephLogDir: /var/log/ceph
+  cephLogDir: ""
+
+  # (optional) ceph client log strategy
+  # By default, log file belonging to a particular volume will be deleted
+  # on unmap, but you can choose to just compress instead of deleting it
+  # or even preserve the log file in text format as it is.
+  # Available options `remove` or `compress` or `preserve`
+  # cephLogStrategy: remove
+  cephLogStrategy: ""
+
+  # (optional) Prefix to use for naming RBD images.
+  # If omitted, defaults to "csi-vol-".
+  # volumeNamePrefix: "foo-bar-"
+  volumeNamePrefix: ""
+
+  # (optional) Instruct the plugin it has to encrypt the volume
+  # By default it is disabled. Valid values are "true" or "false".
+  # A string is expected here, i.e. "true", not true.
+  # encrypted: "true"
+  encrypted: ""
+
+  # (optional) Use external key management system for encryption passphrases by
+  # specifying a unique ID matching KMS ConfigMap. The ID is only used for
+  # correlation to configmap entry.
+  encryptionKMSID: ""
+
+  # Add topology constrained pools configuration, if topology based pools
+  # are setup, and topology constrained provisioning is required.
+  # For further information read TODO<doc>
+  # topologyConstrainedPools: |
+  #   [{"poolName":"pool0",
+  #     "dataPool":"ec-pool0" # optional, erasure-coded pool for data
+  #     "domainSegments":[
+  #       {"domainLabel":"region","value":"east"},
+  #       {"domainLabel":"zone","value":"zone1"}]},
+  #    {"poolName":"pool1",
+  #     "dataPool":"ec-pool1" # optional, erasure-coded pool for data
+  #     "domainSegments":[
+  #       {"domainLabel":"region","value":"east"},
+  #       {"domainLabel":"zone","value":"zone2"}]},
+  #    {"poolName":"pool2",
+  #     "dataPool":"ec-pool2" # optional, erasure-coded pool for data
+  #     "domainSegments":[
+  #       {"domainLabel":"region","value":"west"},
+  #       {"domainLabel":"zone","value":"zone1"}]}
+  #   ]
+  topologyConstrainedPools: []
+
+  # (optional) mapOptions is a comma-separated list of map options.
+  # For krbd options refer
+  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
+  # For nbd options refer
+  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
+  mapOptions: ""
+
+  # (optional) unmapOptions is a comma-separated list of unmap options.
+  # For krbd options refer
+  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
+  # For nbd options refer
+  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
+  unmapOptions: ""
+
+  # The secrets have to contain Ceph credentials with required access
+  # to the 'pool'.
+  provisionerSecret: csi-rbd-secret
+  # If Namespaces are left empty, the secrets are assumed to be in the
+  # Release namespace.
+  provisionerSecretNamespace: ""
+  controllerExpandSecret: csi-rbd-secret
+  controllerExpandSecretNamespace: ""
+  nodeStageSecret: csi-rbd-secret
+  nodeStageSecretNamespace: ""
+  # Specify the filesystem type of the volume. If not specified,
+  # csi-provisioner will set default as `ext4`.
+  fstype: ext4
+  reclaimPolicy: Delete
+  allowVolumeExpansion: true
+  mountOptions: []
+  # Mount Options
+  # Example:
+  # mountOptions:
+  #   - discard
+
+secret:
+  # Specifies whether the secret should be created
+  create: false
+  name: csi-rbd-secret
+  # Key values correspond to a user name and its key, as defined in the
+  # ceph cluster. User ID should have required access to the 'pool'
+  # specified in the storage class
+  userID: <plaintext ID>
+  userKey: <Ceph auth key corresponding to userID above>
+  # Encryption passphrase
+  encryptionPassphrase: test_passphrase
+
+# This is a sample configmap that helps define a Ceph configuration as required
+# by the CSI plugins.
+# Sample ceph.conf available at
+# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed
+# documentation is available at
+# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/
+cephconf: |
+  [global]
+    auth_cluster_required = cephx
+    auth_service_required = cephx
+    auth_client_required = cephx
+
+    # Workaround for http://tracker.ceph.com/issues/23446
+    fuse_set_user_groups = false
+
+    # ceph-fuse which uses libfuse2 by default has write buffer size of 2KiB
+    # adding 'fuse_big_writes = true' option by default to override this limit
+    # see https://github.com/ceph/ceph-csi/issues/1928
+    fuse_big_writes = true
+
+#########################################################
+# Variables for 'internal' use please use with caution! #
+#########################################################
+
+# The filename of the provisioner socket
+provisionerSocketFile: csi-provisioner.sock
+# The filename of the plugin socket
+pluginSocketFile: csi.sock
+# kubelet working directory,can be set using `--root-dir` when starting kubelet.
+kubeletDir: /var/lib/kubelet
+# Host path location for ceph client processes logging, ex: rbd-nbd
+cephLogDirHostPath: /var/log/ceph
+# Name of the csi-driver
+driverName: rbd.csi.ceph.com
+# Name of the configmap used for state
+configMapName: ceph-csi-config
+# Key to use in the Configmap if not config.json
+# configMapKey:
+# Use an externally provided configmap
+externallyManagedConfigmap: false
+# Name of the configmap used for encryption kms configuration
+kmsConfigMapName: ceph-csi-encryption-kms-config
diff --git a/index.yaml b/index.yaml
index 68008a848..60d3e07a9 100755
--- a/index.yaml
+++ b/index.yaml
@@ -290,6 +290,31 @@ entries:
     urls:
     - assets/aws-event-sources/aws-event-sources-0.1.901.tgz
     version: 0.1.901
+  ceph-csi-rbd:
+  - annotations:
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/display-name: SoftIron Ceph RBD
+      catalog.cattle.io/release-name: ceph-csi-rbd
+    apiVersion: v1
+    appVersion: canary
+    created: "2021-12-15T07:55:17.202211116-05:00"
+    description: CSI RBD Driver for SoftIron HyperDrive
+    digest: b2b196a93aa7cd4d88a7a21c2cb993f77ccfe515f21c1c09e1f22b4dc6e50df7
+    home: https://github.com/softiron/ceph-csi
+    icon: https://cdn.softiron.com/helm/assets/icon.png
+    keywords:
+    - ceph
+    - rbd
+    - ceph-csi
+    - softiron
+    - hyperdrive
+    kubeVersion: 1.18 - 1.22
+    name: ceph-csi-rbd
+    sources:
+    - https://github.com/softiron/ceph-csi/tree/rancher-softiron/charts/ceph-csi-rbd
+    urls:
+    - assets/softiron/ceph-csi-rbd-1.3.1.tgz
+    version: 1.3.1
   citrix-adc-istio-ingress-gateway:
   - annotations:
       catalog.cattle.io/certified: partner