From e0114eca1ef66d1c7a347e2bd1f07297518381e5 Mon Sep 17 00:00:00 2001 
From: Nefi Munoz
Date: Mon, 6 Nov 2023 11:21:05 -0700
Subject: [PATCH] Removing dkube, tetrate, and upbound per Issues #923, #925, #929
---
assets/dkube/dkube-deployer-1.0.601.tgz | Bin 9790 -> 0 bytes
assets/dkube/dkube-deployer-1.0.602.tgz | Bin 10170 -> 0 bytes
assets/tetrate-istio/istiod-tid-1.12.600.tgz | Bin 82063 -> 0 bytes
.../universal-crossplane-1.2.200100.tgz | Bin 11597 -> 0 bytes
.../universal-crossplane-1.2.300200.tgz | Bin 11573 -> 0 bytes
.../universal-crossplane-1.3.100101.tgz | Bin 11431 -> 0 bytes
.../universal-crossplane-1.3.300101.tgz | Bin 11623 -> 0 bytes
.../universal-crossplane-1.4.300101.tgz | Bin 11617 -> 0 bytes
.../universal-crossplane-1.4.400101.tgz | Bin 11618 -> 0 bytes
.../universal-crossplane-1.5.100101.tgz | Bin 11619 -> 0 bytes
.../universal-crossplane-1.5.200101.tgz | Bin 11619 -> 0 bytes
.../universal-crossplane-1.6.100101.tgz | Bin 11962 -> 0 bytes
charts/dkube/dkube-deployer/Chart.yaml | 19 -
charts/dkube/dkube-deployer/app-readme.md | 30 -
charts/dkube/dkube-deployer/questions.yaml | 326 -
.../dkube/dkube-deployer/templates/NOTES.txt | 7 -
.../dkube-deployer/templates/_helpers.tpl | 53 -
.../dkube-deployer/templates/config-map.yaml | 167 -
.../templates/hooks/uninstall.yaml | 47 -
.../templates/hooks/upgrade.yaml | 67 -
.../dkube-deployer/templates/install.yaml | 41 -
.../dkube-deployer/templates/secrets.yaml | 10 -
.../templates/serviceaccount.yaml | 136 -
.../dkube/dkube-deployer/values.schema.json | 205 -
charts/dkube/dkube-deployer/values.yaml | 182 -
charts/tetrate-istio/istiod-tid/Chart.yaml | 27 -
charts/tetrate-istio/istiod-tid/app-readme.md | 9 -
.../istiod-tid/charts/tid-base/Chart.yaml | 8 -
.../charts/tid-base/crds/crd-all.gen.yaml | 5941 ----------------
.../charts/tid-base/crds/crd-operator.yaml | 48 -
.../tid-base/files/gen-istio-cluster.yaml | 6301 -----------------
.../charts/tid-base/kustomization.yaml | 5 -
.../charts/tid-base/templates/NOTES.txt | 5 -
.../tid-base/templates/clusterrole.yaml | 178 -
.../templates/clusterrolebinding.yaml | 37 -
.../charts/tid-base/templates/crds.yaml | 4 -
.../charts/tid-base/templates/default.yaml | 43 -
.../charts/tid-base/templates/endpoints.yaml | 30 -
.../templates/reader-serviceaccount.yaml | 16 -
.../charts/tid-base/templates/role.yaml | 25 -
.../tid-base/templates/rolebinding.yaml | 21 -
.../tid-base/templates/serviceaccount.yaml | 19 -
.../charts/tid-base/templates/services.yaml | 37 -
.../istiod-tid/charts/tid-base/values.yaml | 29 -
.../files/gateway-injection-template.yaml | 215 -
.../istiod-tid/files/gen-istio.yaml | 2544 -------
.../istiod-tid/files/grpc-agent.yaml | 233 -
.../istiod-tid/files/grpc-simple.yaml | 64 -
.../istiod-tid/files/injection-template.yaml | 491 --
.../istiod-tid/kustomization.yaml | 5 -
.../tetrate-istio/istiod-tid/questions.yaml | 12 -
.../istiod-tid/templates/NOTES.txt | 21 -
.../istiod-tid/templates/autoscale.yaml | 26 -
.../istiod-tid/templates/clusterrole.yaml | 134 -
.../templates/clusterrolebinding.yaml | 33 -
.../istiod-tid/templates/configmap-jwks.yaml | 14 -
.../istiod-tid/templates/configmap.yaml | 100 -
.../istiod-tid/templates/deployment.yaml | 219 -
.../templates/istiod-injector-configmap.yaml | 67 -
.../istiod-tid/templates/mutatingwebhook.yaml | 144 -
.../templates/poddisruptionbudget.yaml | 25 -
.../templates/reader-clusterrole.yaml | 54 -
.../templates/reader-clusterrolebinding.yaml | 15 -
.../istiod-tid/templates/revision-tags.yaml | 130 -
.../istiod-tid/templates/role.yaml | 20 -
.../istiod-tid/templates/rolebinding.yaml | 16 -
.../istiod-tid/templates/service.yaml | 41 -
.../istiod-tid/templates/serviceaccount.yaml | 15 -
.../templates/telemetryv2_1.10.yaml | 601 --
.../templates/telemetryv2_1.11.yaml | 601 --
.../templates/telemetryv2_1.12.yaml | 601 --
.../validatingwebhookconfiguration.yaml | 56 -
charts/tetrate-istio/istiod-tid/values.yaml | 536 --
.../universal-crossplane/Chart.yaml | 40 -
.../universal-crossplane/app-readme.md | 36 -
.../universal-crossplane/questions.yaml | 184 -
.../universal-crossplane/templates/NOTES.txt | 15 -
.../templates/_helpers.tpl | 21 -
.../templates/bootstrapper/_helpers.tpl | 21 -
.../templates/bootstrapper/clusterrole.yaml | 26 -
.../bootstrapper/clusterrolebinding.yaml | 14 -
.../templates/bootstrapper/deployment.yaml | 64 -
.../templates/bootstrapper/role.yaml | 28 -
.../templates/bootstrapper/rolebinding.yaml | 14 -
.../bootstrapper/secret-entitlement.yaml | 9 -
.../bootstrapper/serviceaccount.yaml | 10 -
.../bootstrapper/uxp-ca-tls-secret.yaml | 7 -
.../bootstrapper/versions-configmap.yaml | 11 -
.../templates/crossplane/NOTES.txt | 8 -
.../templates/crossplane/_helpers.tpl | 32 -
.../templates/crossplane/clusterrole.yaml | 89 -
.../crossplane/clusterrolebinding.yaml | 15 -
.../templates/crossplane/deployment.yaml | 122 -
...-manager-allowed-provider-permissions.yaml | 14 -
.../crossplane/rbac-manager-clusterrole.yaml | 92 -
.../rbac-manager-clusterrolebinding.yaml | 17 -
.../crossplane/rbac-manager-deployment.yaml | 87 -
.../rbac-manager-managed-clusterroles.yaml | 260 -
.../rbac-manager-serviceaccount.yaml | 15 -
.../templates/crossplane/serviceaccount.yaml | 16 -
.../upbound-agent/_deployment-spec.tpl | 87 -
.../templates/upbound-agent/_helpers.tpl | 22 -
.../templates/upbound-agent/clusterrole.yaml | 40 -
.../clusterrolebindings-managed.yaml | 34 -
.../upbound-agent/clusterrolebindings.yaml | 31 -
.../upbound-agent/clusterroles-managed.yaml | 66 -
.../control-plane-token-secret.yaml | 11 -
.../templates/upbound-agent/role.yaml | 66 -
.../templates/upbound-agent/service.yaml | 16 -
.../upbound-agent/serviceaccount.yaml | 8 -
.../templates/upbound-agent/tls-secret.yaml | 9 -
.../templates/xgql/_helpers.tpl | 22 -
.../templates/xgql/deployment.yaml | 63 -
.../templates/xgql/service.yaml | 14 -
.../templates/xgql/serviceaccount.yaml | 6 -
.../templates/xgql/tls-secret.yaml | 7 -
.../universal-crossplane/values.yaml | 196 -
.../universal-crossplane/values.yaml.tmpl | 196 -
index.yaml | 481 -
.../generated-changes/overlay/app-readme.md | 30 -
.../generated-changes/overlay/questions.yaml | 326 -
.../generated-changes/patch/Chart.yaml.patch | 40 -
.../patch/values.schema.json.patch | 12 -
.../generated-changes/patch/values.yaml.patch | 45 -
packages/dkube/package.yaml | 5 -
.../generated-changes/exclude/README.md | 59 -
.../generated-changes/overlay/app-readme.md | 9 -
.../overlay/charts/tid-base/Chart.yaml | 8 -
.../charts/tid-base/crds/crd-all.gen.yaml | 5941 ----------------
.../charts/tid-base/crds/crd-operator.yaml | 48 -
.../tid-base/files/gen-istio-cluster.yaml | 6301 -----------------
.../charts/tid-base/kustomization.yaml | 5 -
.../charts/tid-base/templates/NOTES.txt | 5 -
.../tid-base/templates/clusterrole.yaml | 178 -
.../templates/clusterrolebinding.yaml | 37 -
.../charts/tid-base/templates/crds.yaml | 4 -
.../charts/tid-base/templates/default.yaml | 43 -
.../charts/tid-base/templates/endpoints.yaml | 30 -
.../templates/reader-serviceaccount.yaml | 16 -
.../charts/tid-base/templates/role.yaml | 25 -
.../tid-base/templates/rolebinding.yaml | 21 -
.../tid-base/templates/serviceaccount.yaml | 19 -
.../charts/tid-base/templates/services.yaml | 37 -
.../overlay/charts/tid-base/values.yaml | 29 -
.../generated-changes/overlay/questions.yaml | 12 -
.../generated-changes/patch/Chart.yaml.patch | 38 -
.../generated-changes/patch/values.yaml.patch | 14 -
packages/tetrate-istio/package.yaml | 2 -
.../generated-changes/overlay/app-readme.md | 36 -
.../generated-changes/overlay/questions.yaml | 184 -
.../generated-changes/patch/Chart.yaml.patch | 24 -
packages/universal-crossplane/package.yaml | 2 -
152 files changed, 37333 deletions(-)
delete mode 100644 assets/dkube/dkube-deployer-1.0.601.tgz
delete mode 100644 assets/dkube/dkube-deployer-1.0.602.tgz
delete mode 100644 assets/tetrate-istio/istiod-tid-1.12.600.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.2.200100.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.2.300200.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.3.100101.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.3.300101.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.4.300101.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.4.400101.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.5.100101.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.5.200101.tgz
delete mode 100644 assets/universal-crossplane/universal-crossplane-1.6.100101.tgz
delete mode 100644 charts/dkube/dkube-deployer/Chart.yaml
delete mode 100644 charts/dkube/dkube-deployer/app-readme.md
delete mode 100644 charts/dkube/dkube-deployer/questions.yaml
delete mode 100644 charts/dkube/dkube-deployer/templates/NOTES.txt
delete mode 100644 charts/dkube/dkube-deployer/templates/_helpers.tpl
delete mode 100644 charts/dkube/dkube-deployer/templates/config-map.yaml
delete mode 100644 charts/dkube/dkube-deployer/templates/hooks/uninstall.yaml
delete mode 100644 charts/dkube/dkube-deployer/templates/hooks/upgrade.yaml
delete mode 100644 charts/dkube/dkube-deployer/templates/install.yaml
delete mode 100644 charts/dkube/dkube-deployer/templates/secrets.yaml
delete mode 100644 charts/dkube/dkube-deployer/templates/serviceaccount.yaml
delete mode 100644 charts/dkube/dkube-deployer/values.schema.json
delete mode 100644 charts/dkube/dkube-deployer/values.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/Chart.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/app-readme.md
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/Chart.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-all.gen.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-operator.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/files/gen-istio-cluster.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/kustomization.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/NOTES.txt
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrole.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrolebinding.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/crds.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/default.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/endpoints.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/reader-serviceaccount.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/role.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/rolebinding.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/serviceaccount.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/templates/services.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/charts/tid-base/values.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/files/gateway-injection-template.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/files/gen-istio.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/files/grpc-agent.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/files/grpc-simple.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/files/injection-template.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/kustomization.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/questions.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/NOTES.txt
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/autoscale.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/clusterrole.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/clusterrolebinding.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/configmap-jwks.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/configmap.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/deployment.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/istiod-injector-configmap.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/mutatingwebhook.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/poddisruptionbudget.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/reader-clusterrole.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/reader-clusterrolebinding.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/revision-tags.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/role.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/rolebinding.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/service.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/serviceaccount.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.10.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.11.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.12.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/templates/validatingwebhookconfiguration.yaml
delete mode 100644 charts/tetrate-istio/istiod-tid/values.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/Chart.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/app-readme.md
delete mode 100644 charts/universal-crossplane/universal-crossplane/questions.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/NOTES.txt
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/_helpers.tpl
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/_helpers.tpl
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrole.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrolebinding.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/deployment.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/role.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/rolebinding.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/secret-entitlement.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/serviceaccount.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/uxp-ca-tls-secret.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/bootstrapper/versions-configmap.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/NOTES.txt
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/_helpers.tpl
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrole.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrolebinding.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/deployment.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrole.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrolebinding.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-deployment.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-managed-clusterroles.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-serviceaccount.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/crossplane/serviceaccount.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_deployment-spec.tpl
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_helpers.tpl
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrole.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings-managed.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterroles-managed.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/control-plane-token-secret.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/role.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/service.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/serviceaccount.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/upbound-agent/tls-secret.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/xgql/_helpers.tpl
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/xgql/deployment.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/xgql/service.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/xgql/serviceaccount.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/templates/xgql/tls-secret.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/values.yaml
delete mode 100644 charts/universal-crossplane/universal-crossplane/values.yaml.tmpl
delete mode 100644 packages/dkube/generated-changes/overlay/app-readme.md
delete mode 100644 packages/dkube/generated-changes/overlay/questions.yaml
delete mode 100644 packages/dkube/generated-changes/patch/Chart.yaml.patch
delete mode 100644 packages/dkube/generated-changes/patch/values.schema.json.patch
delete mode 100644 packages/dkube/generated-changes/patch/values.yaml.patch
delete mode 100644 packages/dkube/package.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/exclude/README.md
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/app-readme.md
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/Chart.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-all.gen.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-operator.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/files/gen-istio-cluster.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/kustomization.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/NOTES.txt
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrole.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrolebinding.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/crds.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/default.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/endpoints.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/reader-serviceaccount.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/role.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/rolebinding.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/serviceaccount.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/services.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/charts/tid-base/values.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/overlay/questions.yaml
delete mode 100644 packages/tetrate-istio/generated-changes/patch/Chart.yaml.patch
delete mode 100644 packages/tetrate-istio/generated-changes/patch/values.yaml.patch
delete mode 100644 packages/tetrate-istio/package.yaml
delete mode 100644 packages/universal-crossplane/generated-changes/overlay/app-readme.md
delete mode 100644 packages/universal-crossplane/generated-changes/overlay/questions.yaml
delete mode 100644 packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch
delete mode 100644 packages/universal-crossplane/package.yaml
diff --git a/assets/dkube/dkube-deployer-1.0.601.tgz b/assets/dkube/dkube-deployer-1.0.601.tgz deleted file mode 100644 index eb60aa6d6bde00422cd6e01b973088464db1f158..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9790 zcmV-ECc)VsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHd)qd$=>8i16*zLYX?sk{uQ*+8v-c>rlIX;?d?h=%`(=Cl zK_n!hA^{cv?Wn2m-+n*5NRXl)erDTi{$NWKFqjz(1_NMb5KXfo@*|YSbcR^-U;>#4 zW-y8Wa(~a(*4Ebk-k$ouwY63Kzx8r!=P%oPJG*;(FJ5l%?fzwJdvAMt=PzLE9&uRs zWL!Y@m#sUuRVD5Z@<2kUfC5v(TOI%*6fmaaAcR81D8RHCA|~(%qo@T^$OJ*GwpfID z8pD}SV1ioUP)b#8Ifh~cIWpyx^m#DF9}wf1k`}n!@nD+fUw4C@U@O@6BE&<6Q=wkA z!TW587(oJYe+W5>!0}Npo+A$uHi7 zN?ayFq`cK^Dx3mLJsir$?CYzmtHA!$#L2iB(=oju=qgCb*qfr+6=e}`c|Mrt$a%g- z%=7b>Js-5Yo-C5n*w_wswi=$pk$gOQVwR#7fN2`zQ1y~`X{&7qTfzR;ws*JwuZ;go z7-xvzvjSK?{f#D29XoQKz%@k0w4I?4gavOI+$dagf97$@=_ zi18F@O|S_PO0b{|lkujitkoAofFUjz4h4z=FEdRmbW_N=R7Mte1qc|uQRt6`(XFb? z!Guzd03}GGscJOGQ`Dr>sEMY$Nd)=a6p;LuDI_F=FL8vJXFs$+L)B8y-cSZ65NNF; zdwLU0f8-#HGcFJVNyY`3z)J)YOu#PS;RHpQmN-Hq#Jve@ff0;3lF&Zl)NlhtP(To6 zk{e)x;za6qraRwALNg=gQ!q!?4DlwR-W5)f1Z4ShMr~z@4^CignU(Xx+W>7VJ6c7y zEHqQ41sa4_!9mRYF-%igYki0ivoTByfQK}kA_f>5V=mYXj3_e$)|GzG{w}9+08}R= za{Su&%})%a^k?;}k(Ee6mJ=EcBi8Ut%>zmV#KdjW3YaQUlD5TltQ@KmWuc^MCWo=c zl?%$?80jw>+}SKuU1olAemSL_V<{JxGUA&cMCrt-@`lDSy^=Dc z$IY)9W+(z9jN*tZc7~KO#8atW$k;XtU=d-4iN|^lp~_X zfNckl!29#por}|c??d;n(|;8iW4@4`V&EH;4Z4M}fXlM9RK;i!1dBu{B?#miM;AJV zQv`U%5Qt_3COFj7kkqS)$@!gSL`~_E9G7)9&|FEKL*~r@a4noT_2wkDuDI&+?+OHE z>*^i)jJe?7yHHMb_m^Pwq}3wPMxTXLuCbQQAsSJovdZ%8R6L+b0s%)UWKhl}-BT|4 zsA?P2p%{to2)aKEWHDYIhQ-KSvzZa2$+AXHoB^RLg#G}@Mu^fLpE3RKulpYgfS!`Vs-XOWUb-P zGo>o}wVHDVH@$i`hm> zY=16=;5qQ+a>^Q}$4J2V=ruU1N90%<=p#8r9KF8y&^^64?e&h-Vv1!2vl9s<9=1S3 zndeb7DZ1G~MX)?d;NLs6hPzx}tJV0-^Zxe96S>^YS`z!*n*A%{m6=c5uwco~&T zoSsq|7yXvd2*pPKIsJA<0U~Oh;TDi1L2vDV@6?EC>cvN)wRNQ^UzEsqhp*f1K}ja4 zT%f8!g9>#bR~kdvtx|f+Q|Sg6WU1^g6oF*Me~mW*|25V#&vyyuzsBFY(wd}VrYG(c 
zhtn*TOIVo2LRJFN&>j9*Oe$?zG^)yFFe3tfMjU9>1&JItBdR+}iVROth(|LJagy(a zjVVjirXLM?Go*x|P%iT?1icUwbYa^HCL)Oo3^*woKjSxgo^irCdnc`nKLl{X(f)?A%=uRewA!Eq!tfrJ>sXH~^i4 zzO)uQ?+4)hj|00%-ULW$x`F`60leZDFbru%#08FmXvzW@Ri^fLm{fDp zRD0iT9~aH&ecNvPSdJvYXuN568UQ5fJ)^OlXK^?I6Uf(Uw*cR5ANOgjxWGsYUhx)& zNvri!nJ52f$wrz#VVL;x(?1G66aY+5N`|yYBTTTEwJJtD2RK4RZ=QqU48(AVVlMky z<1cLoGk?&C>s=8kiF!8#ML_@ta0U`c;8^dMDfS28oJid)l?H-D&gEc;)yg#hALYbv zeicgO2|^K<19^z__C}V-iECGPB_<%0%88D^ySAE}DAALZ`xBwWf7f<((Px;Xk`IS! zsc_Oe>yX_90iS$Hf4u1!yY3GAdMk0 z%;MDSsmVz~Owi1#uAF;z1*SKYR-k^??w*_tO1QU9=)l0*oTAx|e!b(ouA%M>Vj|{D zYyCDi7ZtHuAC1!tTv0Za(|w%;)ZzX1^!(yuumAq2*FL-}=HoQ`Xqvw%>M5g97V3T1 z8&YuE?;V~WoOOFA_eMy8%_4g2KH4N30=+cRTR**n!@ijeOu4SsQ4uB21qc~}0&VIY zY&%)NOi*9{VrMBc6`S)DFBglv(F2B*Hh?kDS4QUW#TN1PDk?`<&JI@RnO9}gsJu=` zQ%k{_i!4V%O&$akXMJ*TkIy#<0-ORiiP_7X^Lk5XaT7sfukcg02;TP zVi+dnDW%EO4<+@xy|cUbV*lljf7{yL(W*C@$$uJTN#%a+(~>{mQ-A&^$8Q3IUpOWA z(8h}Mzpee<-OBmji~XIa^Z!SAzIe|X-{|gcv>MXDZ#A2;-+dzkl#QDagCpT@y=?Adjh*u@Q&_>uP(7YviJd6!^vgveM-8m;Xdbk4aY zw7AS&7j)5GtuJQQu7hnl)D)ND<$|@iiIVKq46|qMFaV$Ai)W3Zrz<1D?NRylXAPk$!WM-2vJ^4* zozqS&H|9mbaAIDF*Kf2!;Efxui1_*qmj(X@4SVL#by=S*7J|IUO@zQ~hOX#mTPh!h zi-w}b!F^{dZ@P7>*f~GB?E|;Lyjtb0JG#~B+9qhEm+~(U)o60ItA8%lymr1_mym#Q z+#A^`!#;D(;!zDUb0p+gH$qCdXxKx*>+4F*5(=8$2_p4Pe8Z4zd;$Blql)r+Y3c*V zN=x37cJGhO^zyNYOfSC@i9CEP5_$NQNR;E}k!X}neH|i|c6cNzRa?u+biNfTOV0^f zOFQsfwX8KuSx=W0dYLUy&Ny>ithb@uS^_a?l>g6n%}@W+1V8`q{eL$9*Efx2U8N41 zZr+wNF@o(im3P(TFOyq`Rz16ml2Vhc&(wZ{L3wqb z?I*QN@Sa_J*N?N=S=s*+C`n@|5O1FJ&N_oYd=__aV^#dm{{GAP{lERE{lCX}y4q;~ zld%rk0bjm=;Dg=;wm!?(*Pf>xj=QeA{RDC#nI}*bxV|gOM~fy2BoPNg6w@mpD7eJv zO8r!F*-sfAGsJlSlskW34KnNQ;}oVOo&^9LQsus6no3l;EFCi#p};K$$>I#e-9+S}2epg8fZLj^0K#&pbA7FW&2 zl5XD@5XZ0lZSd{4U@2xHP0|<%7ZVgqb0ZMxT|iohs>b-*wV;Mp!VW` zUldX&p@9x1RgRKYp~#ZGOT-wC5cnMkmXQ$b@2ZbD8Dygo{tOy^0~lC{L`wN6BoEYi zt42zrDRH(s3Ua9sl+!?ty7stOO@Jy~P>?cA#0WJ0%Kg9cMwt-(*@W(a-vL8u3_}DO z|JeYIi^k1~qDexDaSd6Cs4k{4mHHsylcqwxCDk@2VVp$^$qO_B3yX0Sqfk(GWExTB 
zVVVX-$Wnl5GmjstnJ9h-zh+dR`ik0*CGv+ed-5G%+L&j_z~HeiQ>u9TwXJLKtR>`Y zDPBOd(z_(o5Q4sTR@EX==~YcbH-TdW(kzaxXY?v6ln26T7RTDsJ%j=l5~*AaEVFZu zu!^{T`BwvGV#5E`XnpxtU0MAE zrgx48UUB~aa(92LGXKBadigZ}Kgv^zz2Ekxm_#k(`+p2mFF^vTSV_+Y4QheW(qUej zsD-L()G-liA6Bb!?M9?V+yW&W=X1~RfM60KBEX&mVR10?2Ei@xyMnfH*GEGEcYBsW zQGSNtpm*}7`xdv2J?X+s6 zRc;n2ECIZ0yWl6V0K6({+Z0xa+|Wy>RMVBVZFMscDMhwed@NQW3RQXq2&Lhci8dU zZ{BoIx@Z5igWyl=-F-99?wTSFEA4Sv;QGi16;JS@Qy<3%{NDY)>!93#3C6#=5be9U zia&sxcs-nzB+hx3uS4Tae99lrpL{8}m4q+yL{~aRsg&NSgxx-}+N7$uK(UdiheO8A zRG@{edonm{A02i27auzPLAQ7Es(#OQ0dx(s9Gt2FuLJI}o#-`YhrNUMo&LM?*B1x< z&SB@|tlK^sTnst~{m$8|x-MDad+!M2(ZEn5Ipi1&2RiRn2n7P)f>VYs<)`;(wv0f% z88o9A1EEu2rCKl$rf4RW?>Fyy$DL+S%v74t-f5@bKI`=_4m$m_?wjsG`>gZIwAe=} z<6lqPX7sMTiDokjFva1t7$?gTf#_EIowwb=S^u9dD{bk(wKG=d2C<+n&Z{;{ z4zOyxtWF-1166j;VJ*~obLZbNeBz?tJL|~gCi9iCkN$KOg&mAB-&Yl+%68fDyg;Dww7fi6opmQ4 z0C&u_bLXr#Yvvv&o6YQ`N~^z=hfrkZERmKhur zWvUr=Y?+fca;EHm==4jN$k$~=s@ZUC$%D@6yNl!AN%ySRACzFIU-T?o=)Xl-cUHIY zrhC*G{Bv;DIi7Dt&L)G?_CZHWt=qq~GH>K6kaATF$JP0H<~nLAbOoxkgjt%oXU(iV z_n5I~P8yezqZ%s6S(??S5Yy!xs(7r;gI|!O=l;_D6oX|crmoAGgXLTZ*oLOX9e8YM|PIzO=1UDz2izN+zHhHL((E)jnU9_@^f6&jOvYvS}yt zS8em_<@u@2@l&tLR$^4yMF+qdl5-h>9wZx(2K<@|y_;3+ahlm&&hQ~k(k$kb%?ew7 zy}Usso~)E^n_ z>KxX#?LrAmB9y%SgYLoMT)Q_&uClCQ3A@_hEfcO7iI!%A2JkK$+SDgS(v_d=l2Ol( zdN-hU)mp~UO?_e!Ef%OX`|9=8&npYo@^ZAY?OqS!)LEStBtLNamyIf;ZU8|8c=)t0 z518_0>B3g^j2j?lhh}bh{|BQUP7sj zTji268*=Tl_Urbbo~sI#AV<{dhQ~=VbvQU#h7?!3m|y$6{on0b=>IXHbjqD<%6D)A zS>^w^zyG4_|FN^Rv;E@9|Kl+p*Z*S(ML22ZULgNXhc*5mMv3KuftWv0nI0d_7X*OH zr4{*}E#}~A0)_GZ;`+RSAx<+Es^feJB(4GYh{c3v!sewX>TJTAi@(sJgcMT3afBF( z)WsKe6<{(|YGv54UYLpnEs!!vK#T;M|JlDncsx-7ivEj6&F{LRpVAnIvqsCLURB)H z=OmaCPijg@^ALtpIvO3}1dA5f@<2Y#XpXoY2f!MgCm*+KR&~$3yJ*o(KU&Riv6at+ za&g){Y`K{m8BzfRr;6kjI6;?r9?FVCWR8_z@9B=UEijkU=r73P$wnfp$aO4oXI6%Wsb8q|Dk<2s3cop%aR$uC@Pn81z}_|$09 zROC#|KLmUtSDtx3l)Q)J7vGnVeU*9R=TiID_3|FtsQ@NX0oNR8w6*DcQgcy@&!Ok` zk<&eH=Y-a=uC;z2)ckml`hV5@Z{lk1ev`J(Foxxf2#|I4F1x1RsCU_8zJ 
z#oSN1uxwdA`)_~c*}u|t;Gt*!uQtm&g#JNh_?ypPn#RWFl6ai!>z{8lk@>#w-BvFY zcGWL*=!Y?aBuk&PL}`U!`fPK3jj{7}HOBHz{nP4?#bo~hwaE~Zrq&&P=-9fDjmt}k zJWN@Omy-1bLC$zgq`(m>{1MGa^vY>`Elu;aji0AyvHgD!`+oLWwg0#Kq8k6T|6=__IsJo=COb9N$lTg`>T@O;*T+zl{UY?pL_SKwD+ZNE%i|r!&fG$ z>;rCyEo|E9adlnl_4WU!TV{W%XW{&>70SI_1-&Z&)81Y+|NH)nou~c3M|o=Fzs;qZ zi-NyvW}Qcx{Pn$?<=h+^8$HZ_;gsaD;z9Knh1)`JjM@ww!M|0qh6i|-jDMxTjl0mD z)WE9!|E;av>iPfH{?q*rkMg+VpABIcz)Vai!@sHRqhR`@PWqE)hS2V5eHx?JIx2aw zmay}@317aC@y}?C`e-B}z!bk_G)tGD?Ex@{b&jNQwDVz-mMEv64x(Jzlc6w6|y`q@g50_N+R`|MV* zd6&|N=O3ErGYX4uDP>|r*%eelikFBDO(h)+sy>d@*q2Va?loGd6DxFSLPnj+s+-mm z$~>gTESzfJhB3s6{>e<``U@gaO0jO;}zrt2{)H866P&0|-NiSG* zGmtAl%}|oVo09r*^|eiqr{^m^75hJ!pg7UzI``Mcs`dYi-Kzi3-tNxsll}h~&jvWv zY3)_+9o_RfU~HJ-ScPb(Fr30M;(=!l(M^6T4)_GcF&M{m2okA&R9-8FVkq#X31=+c zLlSu#fS|FC4Erus`4(-2!GC-o=wNwDR85JJoYU0Vd*B6!gNuQn40$@PkrMFXU;rY_ zxEGAEXsW*&eJ>dP#+vG{eK8p~irN5;ne#f5Q+Ru z86JB-{9kVae1HtojDzlBhkJpv$WSP}07nQmb#X?2@q$Yp(g-#G2%5Dr{$ZN>48bTt zK@#0p8!N{D?#_$7>iB=L^OXPbQJxK*K*sYvsSNKwe`mvQY=++E_bOur0mnzZl-m?d zK!VWQib`( zG>Zc8PnyX!j1E1G(PuowF%~lg9}_|^P5lv|DI&nQ@Gvw2kcAU0P$)8nxXQp%hn@EJ z$#d;l$^y^(C>4@Uct4|=idRY*N+C0;ebgb3UU#Z!SOkR%)FNX{5YpNG1cR7>c2`G@ z@y(nGn?Pj5qy)-_G3Jw^lzKZvKnH75V@s>8I0VFmaubBc15i+u;uJ|G$v46KH+nlk zB4CI_pHsxJ$}cAv45unH2Z>bNE@YTfqN4I(9NVzF2wY8YjC7I`SzPi!P+eX1h7N?2 zP!uQ3`Jau%XGn9>^w%bUS%ihAZA>o_BannB@Vt$U(tQH*#Rll>j3Ijca8`;s#`=0t zo8~So1sdm>Msl{99+U)vJ|y7;F>9=QzPfF|CKfD1k~AO~POLlEl^X*ohXOY^854SY zAB2>d)xiE9c>5akRdAyZcDJ_VSDTkWLhe&4fKG*AuqeR~ZJ6?q(QG^sAWQZ92+7PM zRB)sxXFx6(9%gnq>VxxPMnnd7wt}ra_2K{#(Hnp!=)db6ftSJG)LR`!363zyK7*aP z%NA57!}iC4=Yv5WOsx@SD5Ob(h!hn|nhv&8P&C^UB%nHJrA82{q4HO1T^cCOPR`=b6C6JhU>>89q^k ziU4$p_WM&A5=E6{{97q+g~=r1v?Ph!24}Ao=`a^qTX9cGMd0}+cb5@esg2&}CmU|w zw(VeNt0->bsPo9+Nar%G zn%7#p1YTNwBb~2KR{o?hE!`IKHp5Zf^kTr+|GO8To2H)MjxMFDh*XH@_rV{*ochB( z75nek3~@F5@8jIpKFjUD-L1Xd?dttM+gnfZpO5n79p3VMa0wZf`n3f*=SOW10O#87 z7EsrA>yfP-K%@${8W}(VuCA_v`AY-TmCnr`LHcs&E!%|y;<#@#wZ zgd+gQ4C&OkDtSOSCG;vr(HQBxukxkJLLe6`dYT~-Vq8$F?=lgHCEQp$=AIo6Bs@%s 
zb7xVmx?V$$!%6}ZjzVi@&Rt$KmMSd(w^nHzL)oBTGCvv~0Q!_0ku0(29VT0?Z@R^* z`P@TltWUxkZxKNZ#uA90%j|aJ4Dm*(gPo*}CiK6hHzmtmuDhESX)$A!N1NmE#K$Cu z(z<01?X|LJgFJndG#ufd3 zUi8yCz0N1}>H?2i`mXg?bKUNw)x1Nu7gvf~v>mtx@zdhXeIRbkp%UJ^!A`IhY|o?r zVMWf{#q8FE7meKu&rQPn67JgHZVq$D0JPOwYvtT;3P^s-7HJPu*4{R)yf>BZhvRMyar&1;~2|%MoavIYk<5# zKX0(;xgn)7f~4rYck8PBRh+dBsxE(LYT;VpZE;C}TERt`93)_Z;>6*QrM5^BQV~?0 zXn&DNszweqHY>$Zkzxgn-cqp4a^Iz1-2+fDa#mksa5F-W^JX81OnrsH`cy8tLg8kF zwr#^}(Ftxv=tjQoEzw-^Q!ne;Jc$?$BQ~!`Zk$wmQ9A8httjXFP}DE2?TWv=c3(9g zRhInA)Pc=~wT`6BW#nFA6)eg9eM1Ud^Yea5S<}E-l5u>QQBzM$x`wHuSK*O#U@))gv)bOCo%QtQ0=f|Ocud}W!ol$bmT za(P%*NjRYqDzbW(ZYm0_1*>AI+(gTXlP4MLqo~|`2ABhfVK<;Z$M|08uO>oXhZlbQ)tJd$tzwEHGz5vfBS7cd0N_+66fYlz5!w7gw6Ft1^1B$dOgmBIr{4} zN00yIl5aCWufrKP-Sn-xSwe7{TP3?j$E_mZbY2xLLVs0e>(%J5t$5Z!-c41#1_kRR z&0bEy!CZdrRb<$?WhEVhBFJ+E6-6fQHIQ|{-W#fK%4xdSK)0x|2Fexi_l9=vY`!km zd4)BQE(5UO4?aAxj;GphvMPFA9M3=4&GX9KeUO%mrIFqYMakct`?gnQ%rtiMzBs& z^I&y8^B_-UzRu`3{LSfk4E}DEZ{?|FcFl!9rInApNoeuv=kAvh{oO8WxkyE-|y5_YxjJvoT}@mxI&8A;VC*w zwcxCRRBM%Mpzg4As=JM;JV=!_S2IorNT@aYsvD%{7rOFS@Y>47gD-a_iN3|gUGy#< z=L>GaTFpUoS=1V8u6$pWA>ybsV7TJ%-*0gz)^h4ft$c7WuHR=lcCJmRS3GqWE39)S zal;E9<|Rp?28^}(a1x}j^9_1S4jww1m=eQouv4q@uGe$8oF{(8UfsIc@B^?i`+Wdz zm-&9Kr)=MJEINl4oqO*sOR;Y$UcA@pFx2*v;`BN@sPpOaS9HsRC-q-Kr$TNm5;xQp zB=wZK_n6#le6M$r%DmX9>rftST!+{Xqb1{6wcg3;wfvK>m+V;9P1t60yE-K=m{R8M zVlk;&YUboQM}*tlDr56G%}p4EHC6$e-xanR|8w`Y(_7JS?wpz249!y8t5H35?@+xJ zs_vP{%}_11y%<$<1IzjtKJ2wQz?IS#cz%Pr&%uLUmIEH-o}9k}(*crJ_g>kb%9Q^@ z-!1zShKa8(tbM*(B5c>{dl7-XAiG`_FS{dt#XR(9yo^6s_a6SmmPv`}_dnN2ynSfE zFFF0KV(-j5Cr+Q=$U<3qm;PGPqWehD80lT!;mnAK8CxKYAu+R;P=k8 zMfd;Tnt27lHF#c<-1Mb9dc8x7Xa80(ZLS{`ulwD44VstH1r$dJMc$ZmnNCFyrZY YdY+!A=YgO97XSeN|F`rdxd7Av0AGA9v;Y7A 
diff --git a/assets/dkube/dkube-deployer-1.0.602.tgz b/assets/dkube/dkube-deployer-1.0.602.tgz deleted file mode 100644 index 6f79fad10a50336064361c1d1504b71304fe6400..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10170 zcmV;rCq>vFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHd)qd$=>8i06?5cn)ApE@UvawHruQhelIX;?d@Vb<`(=Cl zK_n!hA_0~F?Wk$)-+n*5NRXl)erCHj{K1weU@$Wn3szN z$+$r2U$*YtR+YFv$%80m0tvz>Z#Mt}Bv8c0et?9CuuoVkz^Nc3g2Of>C>0c^wZ%fh zlL*Z`ielV`Ln&3Y@{hj4tY$W^^j#I6C+umNyE! zOyV*TBH`^;OX1`b)*yjw%)Y+9zV_`;EfSAg5gW5him&~IjvG@vyJl&~+YJw)dJS15r?I*1?`$<24oC9w*buV>w*e(dL;}@IjVoJi+u!o{w{{wL>;KC5 zzd})l`8_Lu<>P;QZ|B*5b^Px>-}yTJALH48^9hDSDW1^1IO+i5fUXdU&@jS)L>r{w zGl~O7uW&lXG{Anq;+8Dj>Qn3;6hCXl8K7WF*>!}&F$OU~=A|qGf`OP|5IBvw9I+5E8WN?e{DwxHP%cmusi6VaB#MC1 zXa-5j0*pf-BLyKROd*6r7|tNXBSJN9rht-tKpdJg%$t5gzHCFY*=TG)Kfx&yEPcx1 zhy^Hu0U1;1Q8>f`kx1cl!Eq`FF$7Af!Vm+OUlG@Yu@N9gIe;w76BOX5`m=;_BHuwo zrdVr&O^6vKf~ACxH&tb=zETV+<{~A5z@gvBOw$V81aU5vk;PpB0;4wy{n0eKRh2oI zFvc-3iY1z=Mr%C9EjA5Xc*RiY&8oUNknKV`WFH$hL)M zs94a>wp0O?{-fa$l$zx)_L8%JpadOSAIY1{_l(4 zS@-brRj+$=ICy{-C5ym$trqSV<^1eK8qJN}Np?Qid> z(h(BMc3siJD-vNo;{wNd8z)v#=e4z2)|7lTBS6DcbAx26v_0j-Vns=EJTE5;w4vF$ zLTSq?%>u>=3$dC;*l00`nsLy%IPbT9qNeuGPEq*_cyNrA_Env)rph6PV8S@2Y7E$R z$OztEyzE|{p7r1L4!dVBLSxJqvQrFvgR()l5Ei&9OG{OZ7D2E`1X6+^*EqV+F`8oF zS&AW?Q52IvPeW3#;#AJ>X-3tQF3E9OR|CzJ)H!5c4S;LmBuQgVV(W^lKL4&jP`0k# z;g5t1{=Ez3RCj*~MqgSj5^elZNaY%7*&N~#Q!1-0&rZby7RLxUPEd;ET+%z`l8>sk zF&&DL=#HTK!$20}z8 zU6YP@a}$~pMDzPbNwDaMj5A|hDOr|mB5tE4{7)UN7Lj2~Qd!UH5{#9sK9rM}Qi$_) z=gotj06t+^6iV%eAVt@*T8xAo98zCbJA;SA5*f0&q6Z>|!Xb(f4RBg#pM=&L{y0-A zg9LaJlCo-6R)V+H`S)7kb9N}eDu1Ipq zSXA^|%t9O){pa-CIRi}9I>Rj>M}pqkf$!9aY3apBp|y3TFkh6&cZV-Kok2+^m|UQ$ zL4yl*B3Bwi*{xD~%TwtF46;P_7Y-qw@!z6N;J-zB=J_t>{I}?PS6bsl%=E;akYJi6 zatVvFNXSYM4&C8T#H7-eMWd=*1~V$qN6bO1E=1+H88O{aQe=3712URH$Z5V8HfCw8 zHvL$@TLGgK2XdKzDcGf$;7i+M`nKLl{X(f)?803URewA!Eq!tfrJ>q+KY;GRnY0$W 
zZwK)9$AMiWZvvK@t{?z$K-c^d1p&*bxFn$;PE#KTsV|E#>Z2I_&M3O(e!${_l8p)} zHvm$Qvhkj!Q)4@Ft6(t^6P)UWd`H#m9_-}nz%$eAt1OB-NyyU%A!rX(*TI7_bH3yJWGNJOb}nI-2!~Cb9}}k#f6l%(KT-q6t~+y zm3i`WTQ<`AiJ;h%pMEa*PyjGJDH+lkjR+-T)~*=w97u?%-aLol3?ekd5tn_f@t3xP znLk*_^{$ANM7x8teTs#eN?ysMO6;X<$U8UAMh(s5?i5iaFC-zs=1> zMXc6G<0OM?mQLk#Unc=|c)vcqxP0F~dwbOH9Nrc4agx0^&EFLDBxPY1=zZ54QgC|K zKfE|N@AXgajgSJHMfBKxv`IDuy)@BVKmCKlGcy^Oay_l1LPnno2vUp$-qbtTcCtX3 zV4nWP&QfM7Hs>deTrBcN4^phO0g8COGBSrRwuq-!Q8~hLcCb3nyegYU<#jrqS_;lx zWH}aU@}N+h^~u3K!q?6YEidgFIyQ7frr2&N7V7V(DW3h@2B{;#(UBW~$8Dz=L2-FX zX{G9ilKS1=+1-1#|NO_lZEf#p)f>;`KMk^^a=-Lx$-m!IfBq-OZ;bq3IivT`#)|X5 zt^M8I%K6_j`ReQW-y=Mq8c&+v={C>U!1T0Qc!lex`!P4+0DTe!Wn#}r}J*;Rp zp8O)QNK%&IR1nOY?N23;>g$u{HzaJfn;Wg7V5`*XlP0EF+-$=Kb7r;)&GA(IW7AOn z!&9{@Lk0aP|Eq(y<}ZyWPd=B4UEE-aA9-(akrFyK?_xraFdd6Yv%Q^z&N;V)7MHo} zf-btN{mIPQb+Ao`ngUhO=5@}!8RkuWp!M1I=3=x>SLX;18H+HY&7AaH1{T98iAg=_ zCFC~MAzsmOxnM1Bq9l7Y!|aJW4B&%&@uXSwbY&#CJu1Kcq9Ig8*n%)$mLlf9bK0rp z#=IyPPRtAO`i)iyym7-75nsRIvf$sK;fDG1xvWnX3qfAwCPH8~Ls#^(EtL<$MMKfz z;J&k!H{H5b?3|z6_Q7p1uU2{Mj&60jwh7JTO8(`68coi2^)IEGpPg@?OGuz7>W}P{ zVV}8X$*2aIITCWLn*pO-H0>ea=g*azB@{Hh6HM!y_$I}&@dfPHjw;IQrKJxXD=jsa zw0nPKCRdL|WODU|NaVp|k;sEDM4}u&k3^$v>dO$Rw8JA&soGjjrt_^(S$a;;TH1l< zs%5QN%6hu2(93K=a>kkCV!aLJ))F|CM*07I*ZS~3E%@b!@Bg#)zrJZM>ne57bn~{H zi4nHfRNhsSzf5i&TJ`KMN=i+(K2s}x3tyV(Dmp8P<-z*Ix;_zKn9vd`D~Xhg6aACxuUCG&g*a+%*(v#rWTOwqK3^ z*?+dX^>zF|#`Eb@>xV}7V}fXyJ2U2vmMR#u@k8tL=fS0e@CT$giBN!{`JYW_ zUN&z|6pLd`lwet9(nu+2M_$^}s*H_ejETK1?*^_Udu;x5V1_qCHnNr2ut8HC-XDuOLOYs7t zmENU+hTxxRXH_i{m0r~}^kOu|kYrJ0J)>7qp*#>yvnbM*?jaJWkVxfXV40nJgjK}# z(?6Ri6BGW=X8Y4Wn}0R`?PmEun{EAa^Pl+!xcd&rh(ziI3&Lnj#DC4l{HcPnjlAOL z&!3y1SO>ms349A5zAJ`OTMea}GJn8ue-G2(`}|XdrSsfXzMD3-*g6i5A~asfWmWS) zS1i~|M$(o!O|crOJN|aF&IEFKtsP!->>`eX0u!erc^=JPYT4?aJ!KD7kYq z@QU;Q=ezq`mHGeq_V(BL|52V&?EQ9QN@&K4X~b9{6)V}WL4#Ugv~-x4CTgLo z8g)#B+K1JuT)Ppe5w}1INBP|I2T(#oOa<&o5EchBZ&1>PKNPf$yFMBU-0fKgMfn-R zLI31c?=`&Y9d&O7<;J+&nJ)^=2OFIDi@|N3Kw(w1?3?Bo3)U3^%ntpAc3QR3DmM!h 
zmH^&#T<{ZA0A3ZfZHlcGxIG`Ott)pT&Nhw5yj(@Aa+LsWZ&@(6f%Ej6r#3K$+o%Bb z)5V~BcG5ZSxRMVBVZFMsPVek>=hSUW$6jk&L&^V1|FG+IUcKs_ z^v?fb2f@FsclXUayK9O#thC2vzUw3JS3JRsPJJ97@O$_Fu7h#|CK&(fLbUJZD*ga& z;`MM=k~rsCz7CBy@hN{efAXc^RuaC*6J6;PrBeE*5_advYLlwsf?^|44~LAKsXz-` z?__Y^IXdc|UB2s{4SM~P7xjC#3!rP5<=|8ecpY$$?L@CJJM164?Vi24czJnn);;W= zocB6MgUdnp;H-Q8qOMC;_})9hcr-ASNDes$!-39w6(E7(TR2V0mHhM;&z2FWH-ly@ zOCfOTt5gdH!W7S>^8Myb|G3-oivg_IyZ;~b$L;>S#p3? z<7IX7kQ}J8a}H~v&YL^`is2KNXZ@q@i@E3tQ@{jI=t6gjoyaFuA!j-zqnHMfG~Lxu zQ~Pup>Ab~qUd7a-WkRBz70B)4psSKvi%pKJL&ItmO{jFyqb4;#wL{CxgVkAg@&Rzi zTswEpdb4(po%?C2np?-VeApYjRd!)1|AKmZ+Btty0H|i%u|-ec6=kY8Ifu>99#0Bd-~?`xPQ_+@1G4yFw`%47B2MPqO3cs+j!MG z>JI)fIPV_Mw<2eg!D;89tEJZM-&&bBa^*|8Du(0g{5*3VwG_GnRa(L<&D^tQ)}DLJ z*fS@MOUY3U733_<>Qjj6at>8I*5<)4NYZnE>3)jAvJ_L-<;=lyE*H@JxLVHBJkeDN z=2{7Zs$+FkL#HKiTst*T?Lc4JRw)%%(O@MLP>q^c3AJjUuS)z=lk{hSPFdNslliN* z`StSr)aLl9S7j?Ps_dczSVM9yBhZ6n1JZzBGNE^~iakyClirQ2p0a#o^i<^@_eCr~9HPzgP$K3Afr5Hjd}IPM>IkIYyyrqykd&vZ{ZFORy1 zwQajle3J+zZ~vfoa5&fQ4U(%YYgodrHh9Z~D@LNF*`NWu$%Z!dNs)BrC%a_S^P}Dk zs9m*|adcCkSVW5jYR$fSef5jVg0;LHt!%s3gE)0orv=Fmoc?8_%BUMa&;TAj?aKqE zd|A4%RlVb^Zi_+d9dyn+NB!6Jqc(RtSbzN3GxZhT2!0_OH_9aSK_#Lx*shmQYU5V9 zq|Am~=e+Z>GpOgPLdDM!wYuSPl1v>APL?6X)h_0jK5ze5dlveCOcI z-eKF#+?Zk&Kya!^Zo>(_%JWcG93pe9ypkVMHFuIJ6j;+>LA5Faa*9=}rBlA@If!=0 zM`7Gvd`wot-xAk}uFM8`K0Ee7LTKb+ec3K zxSbPN$GZ0VeNgk`J?j5e^S_C!xswa%iur$U`}wn~|L6YR*ZW@{<+=6zuLa}l++WQ7 zj0?+_<+K0x7oPnqT?Y?6^MA2f-XZi)GQ;0|{?aryHuUewCLNI-{xxU8O`LY^gd8hu{>W{@_{|U9pkkFRa9bVwrx+oo&mlAoH zvKB8T>kERM$(TxkqfB@smeKHq)A(AN=1UttU!TSH|2^#c*=N=M-|n+&{MY`oov-;H z9_6|1JYQA@k2tsA%Y-(M{ew?p|4Q3mmFyOOj>)XF`33*pyI-ZfFMVsNhqDO1FiB+} za6@ci(@u}8>ry{|{{M8#?BD8HIR9&faxYgwugd?lw^z;ozW;3Z>;B)PJhk!P=2Fc? 
z!QVBr&Ld6!`rgfQZVru&9_GJtM)O#4zxs>9ZJ{?tZ3YhiUn*I{13XK{zf$1FUFc3~ zVAcNr*4A$I{D15D*ZUtH<#ES`86HUpC?T&?mL*HjZUD?-og--+?K~95gf@7lvX}FA!vm`WT?1wj zZOVpONBLFvR2^MgYG)-k*KYA1*j+{XW&*OB7Sji5(JzlcRGLLt^|O^A17TcFjy6!bvs1qxEWkN=s%Bq{z z6UscK#w?s_-v$vPvHr z&YVpNjqOPjD3LbDjHZW7Ycq*>2VUXK#0R@2ma)7|#Zr z>a_MM_m1v)9WXY`NTfov6BJC*7<0d24$)11Dh_;tqX@wU!lJ-6HgsjXGL1OYd4t1nvoJ1<&nN8~MB`JEOppv zZ=XEZo~6uhG~P>vq!ZrHSf=8Yk`yN>HK~2nA&*{ns%Th@gbLK6V?r_3+5JR{2!&2h zM~(5#oC%vCGHOx+Wy6T@Nl{9@9b(YIn#|bJYAX(dm@saF(6|o;MF~l;RFZrX-oDb? z2@(NAB>tG-l&Ji2B1OSeW#*uvirYmg;f$)NJQPJX>@I}s35l>yQX-2>9tftZtKQIo za1x5*ggO7Sk@zXroHYHl2`CGR(6o)&6;3Il0rne>jg8WM0`kQMoau}qdi`)-iaI9x zdQh9@E+_>W=b1)wwwWH31i~4j!33w)SZ{dhwgH=1unbAkfKf29?p)Vy45S3V@!Zfgbeg>~hqDi(y7Z20L5+)}DHCfT`#Ypao}dx<~Nb|C@TN!zkg1(Cj1Z z%w4viG8uN>4;mf}@?dI>aEb#K$Cye{v83r>I|W6vJ;nm5^GVh38OJFc9~Fxeqf_$O zMkmdJCRb(rWFy!L z^R{jKJ6lC@6Gxp#28TMAX(iuIr91NrIylxiArh&;ORfI?%WC^Pmxh7r8zC)Zj^jYf zhtbxh8#=}r3Cl?--6&71L@T3FOO2cPPNS?k`NL~0glt!~r3J$yyL?{V{Tw;uLazx3T4_YcpSJS+fa(FZ3JK>d_m$Ynr@BbNW_xpG% z_Wy4g=4yD~$GN|KmfQckTl4n+v+eD#_Wz?id55Z=KM6l)HU^DaU}u zDb}fxRq}{nO4)UU!!g!*f8|S+g+eY^wV6RfoN~dKzRO17H0H+IHTNuWknjkj&Ye}c zHhGCS2`UL}%yeh%iTT;ihg)lzjiGGNE193o27vZ*z%+~Pd6&sn?3r${(|qnBH`XVi z&DWUX6h#t64q0l86fqS+)fX)+5=qs_ zp~hyVI4V-Cps`yDmf7xcsaN+vRE(U}*I3+)(Br(>$01W+VX;1yORmtk8KE89@LF`j ztq9%7_dQB9m*N!4dNxlY$AU1O*CRJhs=g?ldahPf@I@f%w^r!-1 zY%a8QBxNom`wFXIN$&R>QsA1O_e;u}2F{X<^UI8ydSa3_Or2H4Y}ka8P@=0gpK)2h z37^i>SIOe-n@sR-a!f^}5^j}cT;DUHcVF$i+MyvNSHM!>LA7L<7gaO#{H!`CZK`s2 zM!nzJ)X?LZh8C`%rp~QLHsAQ1-D9|^HPfh2$0{YN{gPbeA9>(vFGKU9PF4X$&Wc+? 
zSkl)C5;|3C(c7&nl(rn>tlaBM(_8Bbl|j0IJ1VJp-h4qytvJ50Oj}A!o&>u*EUP4_ zy~jMOYw4yc-&(LLmd;JI9Xolli9U+V&1WDS9ERP1{v6|bp}(34dmUaZO2F;h3*#mN zUrwPNk0!5tLDU54A^h#P_2g-3UrL;tJNpKNl@oT?6XoAW9`N-z6XfWx&m2AemrK6Q z0KN`q+;ro&>ShVSX>OJ58XdQafYW(ZvW=a!Xp42mG%6;u?N*w;YT0ef$#zAC3_UjyBu#u_MBz~39%d9cB{SmzbiK)MY4 z-f*rNo61ax$gq{>Ia+FP&yVMWHFCE5H_I^Z+L$K8JpL_1>d={vR8r`|q*}@~tIcz* zuu;;^vdIO?`9Bm77yg)=cXRO8V*8;@9KT#jlvCq;hI+NwG?{|(8&mvslG^*L^V$1( zD*JUtzu|9A&tvd+qkJn`hXOS3h^Zl17$*;m~lHowr7zrsr^7Z1MNl_Yu=8+XyWc$_b|32ik8 z&1GS0sJZfeWrm2O(tzQLzkk2QooLIcE4A{@!MJ{(<=DA4qh9gUU97RrnZyk*_?VX@ zg&G)Z_2DE)Vdok2mK;2EH8CZI-C(Cy<=wC6aQU8q6?=8--iF}A%G(coxZTYMb3JAI zrfbnTwCLP>Z&`{xOY!2pR)?XsmlUVh*+HGZE@4HtJou#!OXyU{twrL7x`L*jQuiL4 zn~m@FF4CD78+9GdgN^HectN;iJge5bIlY#D^7WD(%eo2MY;ISlF zJm-jTn_Go!KCih6qp-#*VDr1;R^xx+-gbK{8ZMkOlbfMgYI`-Rr|uoPw?frD6S*0x zrM4HNYHr|JAH#>eHVIrQZNt+W)O`vMdRY=Y$URAa2h#zPR`*`vpURZ~tnU{7iJ;h1 z7ZyKVEfKbB^}U#2FG#Of#S5;-SK0Me%tI$SFhgDNJt8=S;mjn7kOHFlp*-64VvyBd zDeuDo%^*e;jkU+2aTU3sBchCf7$eGoGB82jJ}3_q^Q%y5$@P1;PXBBKyC!sm>UaV+ zf;Szt&}0;wGmGLU%Bc6I;}@6P>l?aH`iI@Y9MD6MrLZe?!41GIUkhzu6@D=2E^tR&vx|d9q09WeAS@g-Z?u?GO5z!f^aR?>O%Q# znTpYRz8)u;ijR??>PBC|ve%~_!@bs*I zcyVyv>z_OvE0?r!9~@PK@zAE3J4mt8?kM8d4Ra?=VZ0LK(`v-?-#$5EFr{~yE z-Hfj@-)w5;M>wF~^ph4SV5qVbfQ7@gdX#zNUn)XAhTr>POXb~C(KZzyL!IwDitcFc;O zrg-*q8>Hy~+H?Rsb_);`mo2GQs(vWhBilQ>d(ZZt|M<79?Hz54#54Kt>Ed1}n6wtF ozx~#F47^ZotzSAYDc zVQyr3R8em|NM&qo0PMYcciXn|D7ydlr@&SEJ4t#i+Hzj4&aZnNMRro}?T4l03gAaBtH|UWY=me5|05em=^{!R7lE#wxq#Me}=jAmUtfi z<946j-QC@n&!5A;ySux^e>;1xp8ccqeDB5c=X=k0_d5UB?L6Ci{_G!U_m<(Pd=eos z|Htl)`zj9Zfjl^hn8cE@NOZRl^0CArn|eN$G9(^lJ3ir(PACbwD8^hygjW^|sE9+n zY)5!bx@bfs$C98!gB>G2ys6c|w}%DoA_EaX`?J@CEhB7DC5F%)G4`Q;^T3j74{62S(sY-9d=Q!lP`9`l{DeMRw>M zPl?!>5~-(bf)}cm7e~{r3$naqJP_Tjww@vTZ(#pu2UPfMLHKg3jnwS5k!gRcjRG}3 zI!@Hsx7sKo@{;ij8ckL0Xu`3OJn?11$<{?OCh5#Q{^w6>_I~ts+q>w$QODbRrv7}q zHODlPm_~#HNMw#_*tH%0FY~V&H$r+@Ei9!)F0AA3?$(#yI^V?O(EkMv6C&<_0j#F~ zFFLPYJulM#7oFz~{lAark@t&U_LzoDq6ybBu|L@;h3szoO^>mcF~J1ggA*q>f=63BB{%8 
z7KSvM9^;S0gilEqb#{0EEBF3ggcq2Gs^kp3INNK{RZeKN%JSoNdm&aQ6cj0l!+p9q*OjKmy=p{|8! zBqR<)7>OyR=0yGcGa*8nUkLee(nT+JcjxB!oXi>WD;(F8cIY{izB= zIf?m{$lii*JSFcW4e5Wd=2Jfy;OGR!oJr=h5Q&IRCN!EVMn&{u0LUznW0ph#bfR7l zOpT$b@P_eIQzl)#&6=js+LjL^w_!#2SwMy)B)()EMvPF*f}SIo=$Ars)8Yq!?N^o{ zA4ez=1pRS&A=Da$3&IaRN{-JMll>l&Ou@fUsEiS3Od=!O_=@4c2qQE&I93ChW9gyM zj0$u~!w|_C0mP9!5t0OGyfo{5sXlP%OmRuo$iLqIdx+kh9SUy?)xnZsB=kXr0z6O< z3L;f+NFxto6SM6S4ntP3K|NIl3&DJf6+k!$I1xgPK$jmv{cW{q5tB2sR3aw68ZZgc zMglUyNhr~Af1pZWA(A->6zpz88vR5vR-)0E1nC~=qTha3BZfETa}r6_a`x*8iffcrO+5mk(9E)0cTGp3mqSfP zpuM?MYL4S=G$j$?u<8@e=Ez~&o~}GW6C4V%ZE=)_urKUN>k8<}cxhifMU1N=ye*PA z4k-z2t0@{B<2c)~E2n`)0Cvm*6p{rAfiBEhL?z>D?iEuB*>tM@&f&JFH-2uO3~n4o ze*k%SPsTIGF1n>XuX>zN5(db}p&~{&yu?eP>sjIgT}Na=c;Wr!jQTUZ({(*Wp@80r z20hKjGX=y2jp4H{skSDI6!-$k8J1{{r9abu!UQ2#9A|>6SQQB!gLxbyny1DRL(RB&8xqU^b!|d zBBW3o^Eu<5Ab!HBTzX?7v6roaS{|&Z9SH`UO=w6?lxo{WJc%TolO40wuF{^V;KIwptBx@$ya-oU>^vM*4sSvGrLsCv5ll!g&B@x z5(zXW6UIr(M$Cr6K_J|-ki6ui58Y%*y7(9?u05@VNB1XovQ%ul6%NE~2^yXhNbIJ^5Mt$4|J7`VhILQ0R8Kwp5I zq-gj-kHAa0SO$!4?Sq4H+nPCWBGhWpRFr^j#st>c?3%0xXyqpW$-wO8xCV_Ri2{Q? 
zI9MnNF(}B@EDD$Z6U~*ls01NlG299lt&GU+u53^$1PiLz zCJ4zia`w1ceLbSrDJE|toYqGlOz{sO!D|7()gd&bf7V9cu3D3vm~9# z8R0HXPr){rMi5n#rq%}5JN^Cvu~;vv61)^6qEhYflJ1dBL`a3yLv=9v-tgGKGs@QW zx0acf);4NEo!0Ll)t3tXzNHD!8JRPwK}N&eDk?EJQD`1b(WMq-3rOgPlti)*@4SSE zS_&`EM=BY9$Dy}@lJk371?+ZS>~>!5=q^*yV5Sh;pmf9};$%X&R<4X%t@u-<_m|e3 zLZ#~R{|P(5DWxis$R~=b8a`|_UtP@^f~}+_bETXS3=}#=>vv~InJ#?Q>58$O=_!Jp zy}Elni>C|1ISmLH1F%p$Vu2QzQ{c1PTK=)KY$kEXOvR3#?45|n9b*~abH_5ka@IvH zQ>(QlNl4~Ia*$Js++wk(xrkoalOzn$FUQEof}n_9dgdEYFdPb&N&*(Y6?dQEXiB^q zW@HNEd$+#y3nUBMz6_X$foF$MghA-ft`3N()Pd(%1~zy%~-;Pm!a!>sI+hD zbW!X1v%TG2(b{^1&d7pV(Oorw1$u0x`Nzf#qa+c9BG&X`&GcG9()L_q#8)#lPeMuK zkXXGM#UYM}@V2<=N^>u#Yl)}E0uoXz2MD(K;cXDh+Q; zW_Upv-&$phN~M7v-I@8Ufbtd{9L6);+0kNm7^3u;#%z4Cl|kQij|>dmKPGVClO8~r zaavw)F=?RmYs2!5^^{7A!*FS&(tvW}%W$cc2~|4dXKm1jV@}D$tBEkKzzOO$Y|IwZYw@d2$l&ao>q|U z+x?Rv$i^hn{1W^P+FGs-Lv|_9B;lI*5h1NWran(O4iX$992jb=1N) zv&REUEWQXC4g?t8VRm#k(CjbAfYnMc)XIT^&MfIR3h4zwK_uo_{0Vkt&ELH2SRl1U zXf8o;s+Z$HY34#IoLvxoNRyRT3!iSKJkx!I-m9G(bEc?`)9`@ z>?D4Oxv_?U=!v98cfYF-E98h6bl7xj^Vh-+6Gf=p#BcvC{BS=pBzQz zjNV}B!Ia8bGWL8n-w`pLOo;tw9J2Aw9E0F2B#r{i1Fq>IveW(3uCX{uMW?i^K^7#E3GDfjP0F?Z0DZS6J9{eS z+KiNPtY6oPcwj^9HijY85dxJx>$=-vNouD~hI$+W$ca}u; zmTP(X^r2?tP<%@WQ*kP4WdV;Z53_i`IulE++O&Jrk=K4~T9 z2rf|QsC&_R@jH7I$h2yZTJGSllUkp!M^>(nS)k-3o*0sr1XCh2CD3KG*8Y*5K$?bx znv*KdoUuvR=!SqQZW4oA7icM*fCGd^9&4y)!F~$VYk;ZFRH!$iIf=uZM2{tCyJ~Pj zLbPV?C!8x3uV`1FqFN)ZYHv=XUgieTF~@Y;(uqTBdNOVZB*^>|?8zO~YoZu+c4#S( zU_cY0xt|%Q|6!5Dp@IqZtosJfj&#%jBtw%V(niZCbfWrxsxjz5A1#>q1=g!(5lp0N z>B^^+<0aC^RftM~*kzOfu5E%L^Dj~gNetTh@Rfgsm2uhVa1t*yaxv_fwMbWGJyDlO!Ax`P7`87}Pyha>bYcF@njA zme$Ug@hM~2k2y%<7O6RzD!Fi(TQLKlIjDYw+O}5P7H?mWrF-6#69yDR1OY{xxbR0h zr`n9I`EkmT0+)>UA{;IS6}i)_5koAIaUuahsNpK<(tw&xBlL&RE{jhirO| z#W{S&e44-+n-XhsN3rRrEl`Ae;$K23pbi*)HlO3RATibsBKDjsCcG_t7L(NTLaQij zqC^4#*eC4}wk-lHKvj|dhN}PU{x?+m=XT+DDp%&&=nM-KC{Yl27*r98vlxYlMcD*t zVMlR;Oj>d61R7Z5>7yn%n_BDfLguktX4VBgSa3Cgx)y`2DCS@r$iM;F%4}h<*if&F zTBgM=jV25T1DjJh%)6!ZGZz_WG2Un9NKS<0)Hsv?v-OS2;pjry3@VN~$B|l=|7i!P 
zgg`;$cJ72<=@dj1j)4`75pkrb9D>;SwZ_uZm~afncHLpMtsQJhB$Y@~;{Yhd6UQN5 zGSg7XuWQ=Nl(vE?&=_u%sI+akiG^|7o*}3{O}k<{gPa6tEMZ&_Fmq9EWxcy%e63qElNd z4g&Xx&ZwhWuM+zF%}Df)mG}`7M9-Mj<_i8N%ojU8i+mDGv17q$XSV`&f=IMu7PQT` zok!}0@e@wZF9Jri4wJgc88f)%c3SmcW;&DBuy95^wyZ&rOZ;$f>;;^-^Ie36IhdCILg<7M3Rm`LoU_0j*a^yvSz(C5!q zb<-H;xG?bi7?n_j39NqY=vxkq{_B( zf`S3xHg{wSbx~_hh2JHdGoHeKIMHoK`elmAO z32g}kwJMr|o3}OGf>BnfAEuNcLyppk&>7M8Z*Aq(Zm1+c3P(g2IZwN-sR1z_`U6$s zr`8X<+du67u-nowek_$R_bd>qsNF@a?^|2>F_6_ms6J?rSX_u5$?;@D{kG=LiahS< z*1VaVhmVXWSetxQL>k;-4a>480QqU^rXUZ_a5N+SAzUT&*jd-hk$ z)Yg8LFq?J|W=sY?eN4cFrnrX#q+8#H4XD|$J=smGK%=IEv6&UEtvDnhH_aK$-{;pR z`;c1~dw`l>G*hYk(ZF(at&M0ZAAF28vSo&@uD(|DS3t(e^e-h;|8?p6JEa=ZkWAI4GzQ>4izNAI-3{#L!p<92 zooCVoK@&_Bn~FIb6YCF)sP;zCM?N^9k-`gAGU3KmBYpiwza7mu5i=GBUG!|%?Ud?c zEEJFsFJbz#7EPxVjM*#-M4@eS1h%iL4s{7*6tu0!ge#GKOynhjJ1qI83+)Y{blOtN z&GL7l98|USb7r)%A+2Z?LzT8Pl(VI!wf1%^tL^SR*VZ)GLIj@T3P$jiLi&tzMsO%+ z$e$7aLU^cW7#W)&BRH9}_*_9_7yuUwnFzIGx~TJFcQ0K$Yu3_+XTW!EOg|nvjZ_C+ z^dA~u&}bWlbUKqll6V^hSmJ<9x65bok21m3_53hRvqY*{M{oOsZP*heTA;V5r*DrA z&U=Hw(P6)*^|mG_*#XxBY>V4g(Sas!eEUuv9nQMJ)|yN)P&0a-ohR zvdH+Ixpy<+EK1MVv)u@mGDRuCY^%i|@Ef&7HFeAkk0^;G4V{BqDgY@pC0Dzqm&yF^ zR9QF;9;!B7{R=9egKM`L$ZK%5!t=~`EGv@%u$^98a?Vj=u+y6@Qjqd0vHt4VyJojk z)w34l3{dT_W^Mtc=lenG%cowED2N#a9jn5Z(Aq-p^r^Tmmhp@1h}5742(2C(S#Kh` zAmI|tSzu&XVUJa|wZ>t6J2UkIv`y8t&msY5>eAYl9L>ZPk=Hzr?tY3g8ylDr=zmCn z`n~kpAD9m$r$mXD*`-F|+89K^vr}tO{o$E$niPt+&Fo3Mo`fEdNkAPVd8Yh6yLqK8 z5Uv{0@1=O<73^2eZI8@aXNZyR)46`EM+cYCa1kXPQx>+Ep6Vx9;`A`jSj#|`!V$8< zVeY=bdwncilqLdu`l=7az`H}6D8QhiBtQ(8B1xWrX=mbe90rRN%DLAh3?SNema`SD z8k<=kV?(lUwKctJaJpb$m#eV_Y7Bvc7uC=LhcwVK%)j1`44!DqpIS8~)EaLO7*p!| z(nT#fqdaKGn9F7Rk4xEtiE4oth4WV5jFstuOR<)Q53WZZ?xQ)ukubl2QB5e};Fw~L z=9Rh@(Lcf4P|mCt4Hn?b88MfX=0wcwi4ct>;n* zFkz&C@9}Gk9<%?%HT3WowXd8xe@`P+#pXmr@)W8SVqd;EGZ0BYoj0bxgeiK)t z1T!T{{f!ZxPC1#v34kJ;5mB4L96{x)j|rNPz+5MlY)Vq}ZCj^8TkeumDM3=y2UFUJ zZ|(v7jq?7`C=OLXT0XVHKm;yW(#>8iHJy+I(2Q!%{m1|p*af1P= zl|#*gnaP?-)XqFY&}n2&5j6$Sn1l01Lel6*I1pAc 
zSxk7Y7POY$s!+`y?pLvt6nbOq7G|PB8Z=7zFb=7-J`w0(f9SavqMRLXjllX>$NnYh@<|Tjw}l;pr?mQpJobZ$s6 zxDJ5CU^{uD1eGmq%)!BH9YKMYV3ErhCfK)}K4a|LCeq0X3y9Kpb=g7#nx9dLge*`e zhbCI0`83-rYMY&y-C*x%S@g^9Y^5uky=udd`!rB$YUjs2uk-Q;Z`bSW>^*O#g{-{l zR>M}5?0E2>b1^IiZT^SdJREx)z;R~Kr>hXDv$B7SX~sk2Bnx%bHe$A^<+=WEo>=%^ z&URjc`}y-{W?FNTn%+))XXvXA^P%HQmZ9jAyw(lO%Zi@XIFd=(My-w@(!wP}+2Kuk%83>f8*;{pf><#oYfjG1Rd!qo zKAu+L$?m0p1UhQi(x;@lY=eGawu}Q=~5QXg)d`>JUjuX1!JnA0sgX z*IaO+?e{XeIcEV0RbOiU3OBdhTT{cdL#vb&2#Fn$Ib{R(t67DcPooF|d7AXVx*wsKk9$q?2kI$G^&>1KKY z2_?YBA(j)y=US>&2nbl>V7n4V6<+lQhvpK$<4}>^bl5`LmZP@WzyM`q+1U!z=a9<-Uc%USKxs$0a+B4Ae;GW0Xn?8E=qVwZ+>O=Y5>v+$s84?s_ z3|0eho`|I8JFdCFEMvc?kKfH$o|^a(s&DHj;#g!%`wHgbjcwhSF-xlPSaTRo0!uf2 z3=<%86JR+T*nX|#Hnh&)Bbb_@Ws<|u@F~(aw6x?N1>nl63Z<7GtwGMqh*@^!4Y~ox z-H1i){}9fMAZssR4M#)MgE1iMzO@B;H;=<TRE0Gtu^0v6WhCGy80@K3rY{ zxi~WQw1Gr2bVR2!Ig})}1KKxHARIS2`zhs`3XuPvF(Loi{ci=$KU3(iBw7s+@|%?faAe3{|8jIO86{Pylx zI)K)9Pkuffj?NDUPrE;K_RPUvYKZTa%C|}uzw8Jxt=3M5-_?8=rI+Z;==1G3ZQ!vV zkjb>O_w4zLm#^yXZ$3&9NiU*tI8-Yu1D2%Ygrl|6{k-h7+gjb`_@i^MW&8m3O$vdO z;v{06-e{fUk0(&}baJdq9za2`V{hI|cA;v6j&gBPuGWpzVNA*D_R~^X^ZK}>4&gXa z2%qAcMqL`2T4~@oYwpY>EPa}knmg0xO~q7H2O9F@^G@e!wHL89|7l}*(a*Gu>8-rr z2Nno(goA8sKJ?_cKX__cBT$d*UZ980^qz(5E64qTiA<-uN(4FX5AuGn1v$kCKUQ4K z8K+Be4YsxD=3^yf{PgyMyf@YQS*>mK_TLB9?PY#Mj-zKm5)e6XM5cuXC07>B(p`vJ zt!+Cf+l`~zjF*n_cTNgnN;Oz95!~KJ^r`ph+NmyenOdyFj z%q+GqLzKWil`K7-q|Ti<hiX8aymK~dh(;Z zofxC*;(wRpzdnEUqKW@~FOLyfKYePOP?6{f`4icou=Z*)YPFuC&!5|$K9xUx{;Vo1 z+2Zr(mUG`5yr4iaA;JH(wKZZWB$!9qlMatrBGWrNSdeXG0%d%sPu}$5I#L~)3oqaW zi9UbM%1nv&X{#!k<(@5VPaii>&LhBi2a|fCn@g;<* zVhKm!pac#vMCv1L5*Q!%Ig1J|!ZX;y zhr97aJJ8yzGT0v6W)iJI1hI|!zZ@9TmklTw1u)4o%mV_N(lklqYODdxHoKGd)J|Wm zsUMNcD^4Pd#m<-r*|sKWxBix*;`W+$zjT23Q{xJ@U~MZ_+nwCQq_sWQ<; zEim`Cwv-y9#y!U$&vbZpk?W~?)e)N0XruBp(&gdT2qK)Hk%^sY2Y2FF>?}I)UgJ!5 zO#)ut4SLLp#&*0NCy&Go^&Dqt!s2p>b?DUq#h)KYS?`WJ3^sy~uAz>=uHVtDm?-q}-=2b^+*zH)ELM@b@>nCx}+0;LNBD^;=X-?x6>G8@@$ zQ*C|qjGJNpV!Ym$4{$zG#57iB2sM!E31#`uGq@9ES#1$qXy|S1wqMOo^Yy}GxqaJ<(#m1oD 
zYM&N&3tc<(U=2CgWL(?G{(y_i*B|Mvjm@xe=ft<)d+bKMSS6cOZc5-Ga~zkt%Sg&* zLWdLca?F@ivJV`A7nzoOT2(U{M$2oXTxsplVci8-~08v zH#j`sKNuXH{(5|HGCJ>{o{Y{;kB$z`o}w1GM1YBL>n~^i=bIYiMczad{zbd<4AC|7Z94i^BQu zt4@>u|9+l=Emo7?x(wK^KJX<*!hR)_F^)x z@HDAg;lI$I36lka_LZnA&2tCOYWja4{-2%B?yFZN|Ifz%=YAfw%S{&7)|`l0N@{MB zD#%_LyyI*^>+=PnyURF*?mXud`Z8Ik(9QBr0e{UUo^rWQmhjEX6>^x~T1i{q4ArHx zN!{We!vQ(1#N^}UOz9+i+ctA>J#IDdJi*`yO@9Fxmgnc0IduHaOJ7V!+Mp;xe8rjF^T#l5{Uq! zm!nQQ-=jA=7$hnbD|l5yfDzS_0o@r%_A8!;*{nE{Pfm96 zj7)+4LNp3g?>|(G)t!)9>7-ixDTnnf)reS0?8-+c&1$61f<1?80QZ~N@HcJUqxWCJ z6AQmpZIS7AUhH=EYKOT&H&<=H5{FiFc&qn_yicFXV1E9r22cm7^XC>|>wAJEzHnj_ znj8Ok%ob!j4MGQ^8jS+Fppf|2iNr} z{rB0cCjQI4JXII0OP8x3!X5kv&-dWFIWJw$2-WQA0M6fCkmWY|Zh=E32IXa$Y$G4R z)LEbuQ@9{YB_~7vL8$%tbIT>|`r3bmhENk9!t#%zJjHbkfIdqisr%>kQ2~mDtL0&Y zz+g|NCet2gkofBzcxYNf(HwsqCVWb&deP;NO$o;|j6c4MaF#}WMNOxi0f}gfqV69I z??(>4X37?++9(+eMZ~@#YF8;cB~&Y@NR|_rp*Xu=Jz;KCRRG@@akg>(pITS zt!TW+(t;ar-z%(ex&VbqtJ3x>ma5iZw4NTsEXWgrmBgU7JM37+ii5APcW7hnfU`M~ zGm?m7lG}8UoymMs6Rcxdx0G7^yj4?1_#DTii&~N=WCf&GSm{dQ6|M3oY#W*}ANRxKY*R5j45 z8ecBeUxuy|Vca1*&z`+9Z?n8(S-G~6cv1tA9grz3P-~}ESOCZgmN&qfG-0h0N3msF zTUFbCMa5Y%u0J(ZA3uNIsp-ujj__L1rf#XM#MAl?)W^bv*Ieth$@)z?neyPWkCmR5 z<@y!793jl7!aXBuqwHdHEBC(Lp0kKb#%VO|1p)sFEO5_j;5SL(J)HzI*Jaye?$^gp z=TPFO@(4;TWS4$xyVSY;tGmPE{13sR>S<7g90v*evTFaZk4rC~>$esnH=lg5zg8Q! 
zN_|xd@b$Q2NNAW$Y4KD?4aj`>sf40VjoR6`ASA{iT@WSiLG;ok_!>mv?V?eCu&Sm)(i>ELwNce9;U{Nf(#_SGNg2N- zGXD~x7|U4~?POUQ^V3l=WLlk^G*>g9Z}eI2qoi}f5}AH|;d~|0B0v9{dY>KqayUFZ zJ;}8LM(8|gtq@N?m_I%g*4j4xulJ+#!RgUq|JSO<%Ns9Ed{#tN-JHJm&_6gErGbGr zYqyjdpr-xP{qvLF@jAREB{XwThL$55HRe<>KcdrlnrzdX?-&Wzt&I0oto6Ork{|i#Ag;O4Tf^nW|B@5lhNPrBGiwC@Vn@C%{8IkCnQILUG~P9&Y6CzHPi_MalLNj6jKksR@O1yYx4&OW+HU*c zwOSe}9lh30RPUsB^y~0&xNc6?#IdQGiT=^M;ppJ({IGVyi(VCON+r+9$>TDtEHFfo zXE|{^YHW2jo%ae&H!D;;#p>*pPn2p-!wj%zo3vHjSG77FG7`*b6fVyglW%B9v`4au zc%LhnL_P6N5S~*3oo{9R(D``6BGp4hyFQNbn1)nRB8nU!;4Ch_Yop%Lk@HSx;W}0n zKUcrj*)$U<%IQ}t>5)#E0|8KSus|L!&3;O3BaOFGp6SvYtR#luoZW^iKpS_i0Sh5~`aOECM{fJ!n z?(0ru!DFNT{I~M_-@Me8a>m;?ybreK{_l%dyM_4wd!4-(d(HX(eLVFZplnX%P#>Ng z8bs*d+%>Lk&SO&KYJBDH)>jT(Ifsx8KTWL-K5-B`O|lqiyENDygm#lNSGz1h*jB|k z2@>BVGpGL{o_5 za+#$sJ|UNO?o4Ppg~|#NGYf6)EsijH9CJFyeEHaV?lOpMu?_sy%`&Ti+cGIx;cBK# zBBGjM99o9^e{u#XM9oHm++q4Moc3LW0JIvxMwYPW^0cPe=*(BuSzQl%HohER%HMdY%lC554uLP07_~QGnYsObqz0Q9Wp-73-*Y2yLc70bG@rZlu?Yg?G zG85KxU(sSFY_&4uVXM+sSh3DK-=o6`WZ`8IQ6B|LVtbhp^4MQGR8A=~I5J`7Z3f;s zo)Sp=XOgaCsVYcK5~IN8V9xCYcr>YjIulGo-D_*0+Dy|7s1GFQW)3&zTes6q=?!WD zDCeE?AJ0uL#^Bsy>v=B<&J7zrKc)iQj!4jgO>1rhw45tEkbKz?8pyw^h{||DSz`9P z&b6J(C`|<#b5K5XJBIK(ZbE7^eE9SUrBGRj6m%N;GK}Z_8SyX958bXlfBxWxpl~}8 zIbXCVGc5j1mg^8It(>wQ_tK?#)kS})9pZtt$a_m9YE9IiJLx*LZ95?Uwn|%~=vr|j zKuv@t7tpCqSyuz74a)R|0OqmZ7IYqmBnNc%x*qVX%)LPhIe|-n!rRqw>SV&3gPFTw zvlh6#v9y}%=C1_ZiW7dN{#VFYa#JVpwedg7@t>aWHt`?t z8tHuc5xI2IzHB4G&?P}w2s(|n(k5a~CiJ6X(**l7qpoDYpw~8>Ue<*hVHcuh@p9&rh=*SYyyJR)u4Tx@|a+D4KFsC56f^ zha4LYVOq)E#dAzQj`_WePAy{)f&;o%YQni|Ls5Qz-9wM{p)GS;;F~f`!JUBOe6BZH z8B%X#{hja8kVvJmfz`<Ih5qeM|*a`Wq{*;ZRd+PB&4q*Djm#CFiff}l>< z3BP3f(N{RsK7;hbV5&g@BXIBE8lTcFxAQ$ZVW7ZG(3nYQbF11q^+nqBwqjUQx&SWa zlK?XJnuuDasM1%n{cP`KYL@z>aM$@sKuFwY@e+AY(UXAs616mY(^j?2!^vwsMNbRX z(qZ}D%E8B&6P<3&=JL28%We)Wx9mxZ#)vLDv`0zCBA7pcTd{%C!<2NbT!lX85Z$hJ z)~mGvxNv9MQ3>>YM#Kq|2OlW}-qLG*g?XvDV^Hengvpv&YNyu`a)`O7>QvySwpAFM z)Gq~O$WEu^i9)*qwm!W*jM81-B{~(>K-%y849va5P 
zr#M8u!mMY2Sz5+LSb_=RR`38PlKq{r;O4;9SQVQnAAg6Z(*7H>AfSRL;3YLqf+@LC zAdq$O|DQeIE9U>%YvO<0&r^Nh&xm>h7VM{Z@LJ;m$-+IjW+QzpzGLiQ#!6ICzlkOC z#r=X%F|2^ThK|sjM!hWdMQ4+k7UkFv8^%CbKgHLMU(tl9y24XQ|2e?{;cguAhXj`<`+P3xyv;;!LNqC;vm{^@dFfYYw!KOk@^lV1 zO4V7JgHtsXG8~Xda!RT*f#R5ES>9J;~9)yJ^MmCs}y4XkQiB`Mz@Rm&d*0u(=9~f@4z7J7u%Atw`j13vexP zNP}C0>~|+Z%w6;U4duTZr2$^2|93hsiuZq>J?k{`-+erHmMQf?ih;MBF7*q{!PPSY zTObV&ZsS6+E95}^(#YIASAJ^fzs9+?#M7Ine_coaU%lMhE5?6*^{UDLcQ4N))C+Jd zNubl5m`Dp&Az9-SzV!&5nY;WkmNV@pU>umh|HK$FQ`apdXyg-wv(sXUr(2M3jz%-W zNhHH1(h{YC2%8IM)K4o_dl@&rydhf%h*A2fd@f75T?oU~; z9=jAHJiRXm+wZRKVe684g-Gd8R(i>*^}8$+hM{QF&5On&sO&jrs0Ndc%IV z#vOKJFNyEIJ}*%1eda7}**)cf`1IYzN;KY+_uxHQfpV!^mB@-Pke7{@K-;^z10JQ=G^!1@>J4)b1ZdRD!>~0zxS-@|J`}<^4ar- z{@=$_8O7I7ny==rPGxj%8&tg*D>9dyvMz^3Mdf^y*}|FTw-=nHc-?8^%)|D!kdy1I zZ9+S_DatgyK;XQOfk2N?9AXOjI_yDnDFvC^%wDdUnUt|;2a#%LJ~|qj@V7sRwxH99 z1fXlIZP!Mg%C~CuyGO`+ahjklMH`jGd`e_FquT0$JTG%-uIx@n@akpN|>rv;8wZ%y7x#GL-mKzOvg9dWR;=Br0?EJWQ`Q#2&&@V)+ zD)+x6A(<1&my5mgj@Q|}Aq7~y|6jb=efg}o|2uoHn*DztkJ&1UA6x8BS3kY$U;eV# za{~b=+TL9}4YHvmor(Ew=M8rrtP_uHc%pK6ohbH-$Wc2pCa)pg2#dYh?Jx2xG$ zoj@D<2Rd+~)eUeQhszP`qMt{j!TFoRqfwgD7No)~Kay_}`k~?B{z1Q2kroqjEVv1k z;6;iGkN>~U|55bn`^RaKkP1m6l1n0{m%2a0w2+5Oe<jM0f`4JcaM) zewq{dd=Al7d8^QdNXBm}8?R|zHS2Mf$gHV2KUt~MY!@A#3=hsm=dTamoStPFbafWV ztzt)dkzHK_l$&Ktf^*+-hqh1af2nV+E)?;mj7>v=V=6qK&3BR@#vXiFbi9#jV<>r& zo}6cGpM$q_RTFyL&duB06e!B!EuMMrv6$x?EsYMPIk(DFtTxU$4a`b zUbz`(GFnwb(LX)V-Nwnp8%m|*!5%8&LpB8TSH-7HrE}u=*3m@`_346eP6OiE(U~kb zs3Kh)bWr&gsf|5OrfP`VYiYZ#oSMsX9cEjV2E3{oCPFm;l;V06zaz;Y0niO6Aj>KG zLw#QrDJ%7}m{)F#^y3C-RpJA615wz1ka4+kJ3NUbg_Lu!YhZVnci!TMiV8Rk*`-<~ zpUq>FY^0d6R6jloO8ZGakXEt!6Oc@z2@9m!1T5IecJq$QTs;c}0A4dq^(e7w@KF+m zw>Kyng)}1P0`_mNzarhtLGA{gy#d!N=3s7^Uc>ZiMu#?MdNlfmd7c^E7h!p|rA^r7 z^BEKJdo zC*||GDQ1Y%=WXf6d0|!Cz%j?of?}|;g^d>k?QQ4v_e#=R8)*U8Eo)7{7g->QEB0Yf zkVbD#Aj+!-O*Ck2tW0ZGyNyXS=_!1JKJl+?zKka ziOf$b2q{~fv4?r2jq1d0AMoPB<=o~apoFLgH+>vX7QlK&FJ*qo+D7(^jan{mXC2!; z$a_7p>(lR=n&7^~e%ZR@by<87oAFg;;5Zn<_oC0GeX|SYX=*6aIYlO$jn$}l` 
z(^;hg>`uGiV?44s_(FwovmB@E;CUCTN^KkCjNJg2uY;1UBjax~tcjX*cU2$sa!s$M zkw3NCw)LML&sw5N6HC{T1q<~x*kBhl7Z+m_mEp0fYN`ETHx%R)Hf$EuDPAB^P`OH6 zw>;Pr$OJ2pXtv@{zn6WwJ1$XLa~Jc#?DuhdtATEjcTc2Ufb)Lo-Bz!Qy%YMm=gsyn zH@pz$^d{#c!VK1>*lLD_L*?mE{7Zeou;R^8LO~H>xQUB(p1;rOGLTe2q6OI1`}h9@ zW!#8A3(DEG;`D;8UhyohGRDlQ?sgr86J9zod$qe~e)3HlVrs%EbNc(7Kom|o7EhDi z0J(GtKHuuezRo(irQe?%-k)TM6MaYpPad=exeyg-tOe&-2v0JLTlYTvF5TFkPP$Is zoDc~=J^Sys%~N$=nL#HdE`TuOmb=|4npXa~EH}U%^Zl3*VqdK@L2+W&p7{~nle=bx zri|w+UFVvN|0(c*u&=F5F7Es1t0$_TEcTD-&sV_s|E=KfjqCS|!uAl9ug;w};7{OJ z(H7_SHFfK~KMh4bxJG?# znS=SUg7Rm8vlAt88QA38y~ zWK%ld$26Hzn8^^`uo6U3zHqaKE)r5xCZnrNNAtiRm zZSXcPj{h5cW-{vykh=I>Gw1$0?BFssCERS0NSp8R`W`VNzqV3qKdWwlPw5~z(jYTr zAZD;mC?KfbhBrWL*e5+ot?y{hnAW`_gzm0zzd8w{5tG?jcXf$Bd7y8udcP;7f>2ko zWb$ml*Ecl;=Ksy~_f&qD7`O8c5QDt{G?_VFC;ld~HezF{%YpfM@doG$=ycl}9rgu& z`;C-^efiMK3RtB7r>`eg`7)RRDbbSQALz}5eIO@Sq$=o*h`p*|cUaZ~$A^?^00) zM)4&I!iz#hW^(lR!D^v*yh03VO0Ij1@=_ubf{yt0Md1~<{}U+#_S|D;?1thQ_&@7nA0rAommN78PUjmOJM2)qP7 zEEL7;JYOZ2T-1N5|0{Y8tIhmY0xFy;@l!o)?=6d?21;C7=Zb0!kb?HjN#MZJ6Oot> z5dFvlv-b}uESBeksr1QJ;Xw-zqV{Nz|2ofM;~eSqU|Vt3-AU~_pb3LRgZx&~95BUj zK3WEmrN3pvSSA5*-J9=u@=YN_HGrnbxa6D_qSA4q$M8kD>50&#CqMOx{zy?zQ(|%a zsZ3;;>YGVj#LJb$3Z@8K3@75q2NMtGEurJ(4@OYq5qfa&u91ApZ3rx4L55_^kE5wL zhL~sA5t3}sc4CjhT*jz?fFJ2K67-^M`^Jo3ttHN?Q0|!!Q7W?==xSuf{iC`7CL@bc$Z*e)>%Ajrg)hufs|o4rD+zuMT6q*ghSU`@b){Ki&@B ziF~%l9R0%jMcVz#se}Rag4#a%1RpfLo&aWaX~|YO$j6r{feC#R*E?)3p-n1unBWJm zvXSVFJ5Ibc$#ozBvUs1N45azDnAOS>wBgX&n#Us$ftb)9+CMta^yBxTgC*Qpqku#X zSX5ZDa!$dnG1y?L|DY5+G(7|S4Lb?6WEOv^ivqaI@1UPh$4$rK^OCq~UsL56)8Vhc%ZMY-$QTwv1L>zx}p%(s40J8>G0wNUQ2NxFP{$7)!T+&@I z<4vcJiYiP?m0c#gR4-gQ^s;vKjPIa zv^uf~I5cO*Hsoa`B7H&Off3&~I8a=u^)8!zVWNqgyPri^Rce^`SevPUI@^7wa|^Sb z*-+May{DXqa2ysXvRa=f^cgqbKRre2~r0v7AX@3eOFl@9tJmIkjI0f zJ0mr9CFjRf&MC}w0mTFu`jIa*y7f}Hx*8|p=N#hvM@rXm(GWSwYPB0)l_i1myqh{B za-dj4O@^RtmTxD17NSfH!dv&DR}vMCiLaJ~_43G%iVRE~ysYS{Hz?EZ?&j(VeaPEM zubZ_dBYfI93LR7?tr@>t?WE7ucZbjS@HRXT7x&5E4~38^LD1T@u+G>qu++0Wc?5P& 
zo{5VJdH$kf<>K5rw@l2$BphDd;h%T^>c)cuvA&%MnL7q3@(*wZQw@$O#S3Ltc+@MG zwUF8aP7dzh(H`XA?aBV$#&#s+aUnNGI4R<$o1NZO`jGG4I^Djnmqtz>2#FKcVgl1o z>d5~xB&wX?Jyq}Q*HhYnwl+rw*XJaV|R(3XlZ4L)N zbM8FR8V-VJNb%7yRQ^`0#$oTts+pQudlqZ9aPW^oW5L!~35+=I(X@;3Hc3%RdKL-E z-pC`B^>q>8VA+~$S21)o1!uH+c|M5m&p&HdyTu0%Cgm2f-wkz{Mogs=&BdVK$Fk6U z8Oli%9F4}O@*f$%GxR(*%o1h12LxG!DcJH^Dl==}Tt3VwIm`B>H6dz^2_o|p%>X{x zmo8<8+Xb`i!1%{T9K(a(GoHNfTuE_!6{oM)MoxB1e3+34va(Y#vQLO(NG;DNxFYd( zfB^|Ib`wy>XbN+T#e%I&rHUS#Jq@i{Pi@IcDhJE#}^(@N@ae+e;N@* z3Sae5AxEQENOxq|zKSfWkGoWVQg)Y@*&E6XoZI;hlHlO~^sU;!a)xibMfN8W7|g{t zor)yRhBkNd%j-+<_VB<3u`OQL5b7>)aG~}_9cJb9WW&k20^mI%$Wj$~qe%q|X#GbI zL7)OPv=@hd_qG~{GFT4x(TOz{uK@2WTQ9%BJ#jpmXTsN{`ZaPJH){c(*jtCPcmzSiY~bSTutg9n+=7f)-tT*gs=rs zH6=j8C2(-45T(hV{sC7IUt0b#+l;Z#vxh<0|4)JWIPg_1Ugeiz5k`Tx`B>veMGlXq zvbM#nwdubX1lc@X0WXnC-{ZIhJ6 z82*NB^g7{n58Q$Q8&(VFFI|-z&jFniHD`c7EnER*!&OcevG!DB#m9w@n?AfFQNV=F z#$a(Q#V*B!@mj&;fFqMapE2vBVhyhM+RiO>Eyot!PG5J*mp+BFFfV)LxFXVAqNM6r zz#c+WN5(`npN4YOx7k(|JYXfdQ=@w_Ka3UtOP^>zPM!F@%&r+UdU5KV*c8m`O{W=` zMGC!Q>=focgN?J6T}pD7`4nPrJO{;AnJ1z#qfq|fuHC#*WH{fg(=P*Fer zOi_^~PA?NPxq_=?(P0xsIe>gh86|(rsPdo8OjX6rNkShd)@WEK^qp>=GO%`!EKILy zJtI9^@wZb6M+%*$*E+4(A~s7rN@1rzQ4_KvAlB@k1{8VcvMAJ%D3q<|hwk+E!&`P% z7j`Co_WM~5A161Dd2X^s=91!FwatLSVOJ|Vq_+%23$u&-(Q3Wwi%s`^?`N>=>Q{h} z_4m&<=O+pt>JPq09UkAtw~Fnr2ZQSQXWz~7e8)V5e-~=;=Nk}V>PT|ECERbm5#(!Q>x;~#hz`}r`tnvEK{8bLT z_DC~kYt88`I*Gi9P;HATb-HXk3Kx0H9Cpp|lIcSc{-XX=E|8wjxw}V>D37Ji@(50T zF|BE}>j)l)U^P6W+yfSB6Nn!bVQ%iVbL+p|EqvcB6;pFr^em_NhHqd)-&8nDz+DX0 zy0JQD13+p?TseNsDHY5Oe|xPs2SEX@83n=!K(QL-mm9e9G zoho>^oE&B+C*||iy0Mbhc`9$^pTLJgWW-TwH6DWk>2B(JS(XBz_9Vn7-T8&kXzDze zYBH+E!ursv0hd1~ki1sP#R9o*V}BTq>{uS*^S1es&9yG;Nboz;5>4{Q;@xV5T??wx zioQ}b`(pS`pQ`}9%UGcd6OvdBbl$9_S%6hZ9EiE)TFpL4CIJ+8 zTw#tPRcVC*_H}>>Y7-=v3Vbq94xCKN#Rjp~Ofb$0v}dRV^tykdmJ*X{nD@Kv%;-U` zaRr1pMDV0lLW1p!%8CrF5uIKU%v1tj-p*lQ&x?giJ@}l8K4I>OMiDA-CSje zHFn#|K^D6$KS(@t#n8BWX++lA8p= zw*yU)-37tKqZSMB%%1qywKSk%cJ|0N@I|T*ZQss~mB?t#v;P_SX)5p2efB>% zU`ab0g;FqZ+P`|o3w7~!O+zQVqT 
ziSy4@nQH(`+-H7~is4)10e0aG1DE|sTj!UB-9Gpq=|uon8i=FFxcrM~>g~_2Zf3?? z%Zr>Ur9)A1vPWta#&x)7kWCzvefJF5`I^%?%Ar)V31>JVt&0&ww0h0wkiIm}Q(e}m zx>nm;vh!zi$9+rhb@$D9%xh`O(D7w+Hp@p&+QX~_`PChmrJIeI66}ix z1Dy@%Hg#OzqBgq4)@K2?h-fHMB403y?DQpk-&Z4wNqgimAlI*P|Q&!A+n?J&zSRxkrDjqYdwP?53op~gp$x%){(Rhv~kd`Xs zU9FjI-}wQ2x{W&vrY`M~dTdx?y?6~K1d!MZW&akKy-dMN8SpFB;fwcwQ17DavV}S) zC|JNH@#T;=uJZ#!sDL^qT1!7U>Z`dcZJ(&*s(TTO_vgp7MadaxMC+a#IA zzKIo~iJf<@M;$yyQz0}C|~UyJRGib-74)Ht(NHq zY|5c&B-9gaYqsgst4fM;kJda#{Zy)`FXoC9HE8oxgZLG>w$;qO` z@(D25lRGj#vF4)0@OnH~Zr$j(KaDniLWa1fLfS~9(G5P^tL$-BobC9z{LFfEwifU5 zyDFz8>v$hKC6u~pH>Q2v&e{HLT@{Ko2l&FV>bK!@AR*lDPxR%Ev46(d_BRQ#9Qrz| z3;}!6wvtMot^1sA%~+Xn4K!_I*(*I6xa$nKf^KlF~?>y2Sb&5%vO682I^?i^2<3B#BXym zjv9o1sJ`Lc(SB8o4AMI~x)|Cwm(JJ!C5(|#|9W{uZ@yH5IO4n*ki_% zzgbtm`XJkf7KnsFS9PA{;%p20wUUEl8ac|wOmaA-vZD|{nIXjEDelpHx(*Ye#6@k< zjS`4Ky-Xfk2~KwuqZ&M^wOw`6acK$bRr=tOCT&1h$-fT%R1GgZzCTTknRxeveY#Mr zmHY1P`lgnvl4AW9ncxyTvDa9%+@$M9nB12_XrY@2*GG)(QC4|}DJkxDuP96bz*XiC z2>%@Z;)h{iT6mO4?gfwle3wn{IHDyq%cER|nAd*Q52@)w4q`AZ0lN^6sf5y|D}1UZ z?Wjsbc=-4q8oZy+YJ!_=CCct1E5g&g&C9e%yPlImLKgLp>Rm1!9JltmI#OuesoQ76 zYyg$B;S^8io#AFrkEJmlwg9Rsd7&SAI3BwZ?}P9WfX*&=H?QUhPq+l#(|fp(ao3$z zV9g6%nGFsv5b`Np|92uEo1PrS(Xxte`$@y5p>^=xz-xjH&yyACM|Y*R^hO6-*9Vhh?nIy zKU=c}dh>@-)w@p^934@TQ`6k}d2rF3Ijoc)RYLri*9 zx6AeCxt)_8FFTiaR&X09=fzX>_T%Pf?>9qw?%Qw&ofO$JKiGy<-rORA8C7G0K>cs+ z=xYJI<$9I$mfU&2^sby*(!(gulE1uWvCh8_iFj_SmeZgD#8!d*1ca4h&ey!VO1j@d z+RHWyp2nr1meQA)o7zs;oeP>S)VE%^_*crnx|N!G^b_N(iS@^8zim5DxYiObW~&oWUE1% zbwjUVR0`S^U$<{hf}`=2{!CFotXV`@?zEXH&3{+UAB>LIk28XjPNXV zDVS$7X?b~US+~4=Z4>9*%5L@8gm)F+g)dRoqWpGmr8tp%n3wwQpdd)X-SJ#8fvx>mDSNXX%PCxZcpvvC z7R{KpleJ)#PyCcc7!=B#*>@9EXL}c~I+Y^9=fV9+TAEcpF-{OEQc#hq=gQ${BV+l?PaMKsOE5p097D=xZZYxSBN* z`)zJ>WByu`Sl)O1!<);=UAx_RE3)x2yb*d!i_V-bg*inMR@Sk#pjFG^tYt}yt~F(x z^nkeo^0_)IdYKoy=sBN*HbH{QA7x6E(idufD@-(i{wA-j0Bjp&+IA^>iPeh6!q~NQN$*+(XOUqB zdwbkgck=Z*p`k`gapK(CEdvQsRyrc8jID(Q9p%((cD!wEQeHYhgc8_(9v(RgVY$K7 zk1}MEa)oa!j;~GwJ&WDLcc|g($869D!qC@AEJq${d-+CYfynuusNSBRXm{6gMa&0> 
zKa7Zu9cx%_n3=WtNPZlXu>he!@7weH*l$vH+wp-3RyM0eR!xgNgWWKzR{oJtL=SPL zmw!5R=4c4!MCz_4fz8|#QPHp;iHjeAw|BBvba>h5ndVnmb6y~Iq$*a(}cB?T~}u6lL?QOY`z|1x4cJC^#nt~ zBx5|T(I0iQ?~Tqk25W&XXo@XUkUYaO!}=*raFNs^?u#M}bdz+q^rs_GMK5$L7Wzc| zf{2@Y4I1$uhQb1*+c6loR~9H9p0X5VR0#xbL3hBtYwRb&98lnO-rD8AwJ&M@S1uZ# zkijqH+Gku59!a+l`Rc-#^*#kYDy=&iyAec0{4Iprbq<q$qR7vOot zc4)BLie4mnq_NV9?ot($Wx0cKtg+%A%HtQJwyo*y&(@VN*NNe-bntTkv<;p?_%G16 zT`lv@(v&}18RYJGydng;ohcf&QwW&}l9*bA(dhO*VC7_&iR39|Yx8Dj`?&c0qT~J* zQex0+sY*;?>X$+|!bFW!V$_ti_x+=oy9b#KlsUqG{*r-ebf&%%gwj(D%~S>kUgvSMje@%?{f)UuRx%; zRK<|&*XLz^dZ28;GqB?b@JTD%{clfwh7$SmaBubP#>$;B<9)7P+o7YIzKZm5yFDh& zKJsD(N|=Sv^5S1HB%c=z&cRlebh6aDAm|A$hT3%*?;%=fOp3mr=Wx!`eS3_(E-%ld z+h8GY;&N0W8bL<$N3H0U_kcw&o#{f!(+NHr+DLLWQh~mo7$QzU_uc14$MHx0e!YRF zrZ_dva{X@}ls`DX_q&M;ug2$v5#BJ!l(T9bYQp8AhT9+QY#AU8 zFvhf7<|twCYJC3Y&7QSGxnkt=<>(v-ZIKnf8-Ln@dVEv6e9CZder2C#NjTeN0I~BA zuW!N;zN2=3^RX+iRrJn)f`+`D`Js|khjmplY!=xfj){-G4{sK2omMG#ihS2@Xm7G|ymHM|F+D!y&B8c`dizj7gopH@g$plOa=0fBH+B!Rv`F>-c>QzOlD_iVyJcZnO_o zdH*b!wK(K3qd!s4&_S>#_GX+WO1swK+-14SJiL9yV`j^s&jULHi-JYsN%Rl4_7?oTvl(VJu&rFvsr9kL zvevGjpNaLR7ao@GWt>{bb6Q}!H}LBTUBPnl^VchDLFmW$QOsxUFr}>W51X6->l@is zwQ^kf#pZdmRdC+lCqCClplfbyE872N&mo>EVhfP<1TeIIK*EOh=q2lE2Sd?O zM{1*cL*~qGH*kbI#zJ91?QzYC=y|e~@c#ZVclSBr>LAeA5*N}ve31wleH|ZR@Zs|8 zp}u&%Fu2$d8o>nwK>iiCH?a~9$;%pl#qE7bKrE#E)qdi-N+&>xDszFSnlq zpC`~};3OJ14n^jp#Vs&9aGge#`own^l7@i(E4vCGl})ZD6%de(M({Esf{<4NbsOlH z4V&Png{3DnAQ=-|4%{&f014VN;M~)J6`Uyr|a8 zFg#NAR6b9ll9tlEfw8s&8x*8C;pfd8{Ve|mCFS(0IX1)wYo zelHpdZgiJ1VfLKpXO>6hsoV0&Ucb)Ix2)CSc`pM#)nnZSW_T?C>M9*9PWd~MhZM7L zYlu1pF;33v$w_A|qzm7Tjd8C2)tck-#6I-5q>T`XW@);6{UwvX908>qyt{Yoz-hZV4mW7T$>=?1Y$FCIYl~2iV=v!d!Ct_D4oC_iWb;ZbE#?Xc z$|bItAn*w+{JbtIKHhN}sgAUIcgmXTGjwK2eE#{A56U&`q?%pUO)0jtA981m>Iy0crv#cpxwN!YOndTeoIN4+Q}O_FxG~!ienT zN}@3pS2xn)?Y9bNe-uS^xCIL56Vft+6%#Nx@l1kUh%Oqqr5l;kZHbi&xiMcE?lcm9 zTTvyb=&)0%C?%8+B_y_zROZT?5K28~sh@iMV)JY*?<5Cl-xwo?X9B;*1|t;60bRGbP55vW>iS9cnoAUYnw_)CUwbn|mNo=w-s 
zRO1r~f{MV{vz=*a1e;vX>OjLI2f1HM1L=bUSq6Vx>|4?8UktC(BP5-P5lO6M zNw;{T8sG&hcg0RurB@tMD8sW2JzA$M_8Y=Fo}E6(7ECv;64BXPchc*2QIsg(bdZa` zvF~}twd(o^>DLG{OJI0D=c|b79HyV!a$`uUJOp}o3OGdx_Q{_Y6e#%P7|GL9Y}w0# zOutOHF{--%X}VXU%PW>wu$&?(le=;k0`U{-pU~)HL1A3)ETI^xVJ(ue^l(kg^!O zJoN_6w%Qdufv%AK>>4(GE;y>?^gu)HTSN-~~ZZF)-B87g_5rsQa;IvT7 zxJlA}FF9V{hp_<-E zmZcu0M;{QwIBPD~oS zNMz|U1xdZ8Mf$PovHRr%)oI&0_SfZ43GS>7N&Yb7jq}vcRV0B)?@W7eTG!s%9c4;p z#d%i|{*+06sJ7=i^R6q8nN(!Zk=~dI%uiHp9m>J z*$`%X@(uW#e;n(3mzND#aiUW0cG~aeN7eNQJNxq%v%+azc{AvW@=s12d|2H-JRBZP zUOYH8W$4kl_qFs3)xA0eI+^0Lo&90>)F}ET9h!fp^Q&tE z2H4SzRAB^N#ps}69XS5%+YZ98?8lg9k84nrEc^3z3?LM-$GFsh(;xK#q59{Iq%N3* zbZ~F`kbuhR0I9});Shgj*2Y*~mwMWgY5zs%n+-0=s|92#tONV(daZ(Vjb6`F>~a2* zY(L1lCAy}Zy$#2UG-@0dZdJ22ujwD&mr#L}YQ)2)7!%{MP^6nF{v@HbO0qrNw`9A~ z+ao`&!}CB0$av;hJU^D;s`9P=4vv%~FDS2CsZ`7#w)|}&$3kNHC0q7;X3-UHCZsK3B8VeK7^R6 zHxOdbt85ZSqFgYgKkZ0`8>_l&g9Kkg%F=zGt(|UKhwl(-RQwp9v2y$OrFmux-c}Ao z_1NFw+YWWrxL}Kkysz+)QtMYOf3{yPymymg6_{;4LF(ye`ZFu|mAvjW$-04Nf*l*z zj>-6gjYMk^>K_QCa}8*IBuJaW*bGDHo=Ysqk-{k+q~IUozxI(Sy82Y^<+a&}3q~eq zZ|&^da?E({N|dx=(MVhR5Dc4A{WQf`L0Yfpb~Z9SRj4i?e-|{#|I0P~Iz;09#OjKD z3p>j6nxv**`P*^PW!64@yspq%wN$r_a}=v_wgQFq+U3}N9o@S=xa;-e;m{UZWv(TF z{)a?zOi7QI<9AFjlYF`R-}%+s?nBO)o1I^Y9l0Rgb7-IWmS=JTIsBT!d4x9x|jve zigHOle%0q_(_n*nolF!;{Jnh>#TL{&e3syNU1bUrYMBWJfcT5mc5t-fb=bjbD+gLo zMC>46t>IcPodz=RM(N|OaTgl?*j6zY>q2dA{1&J;Yv87BB3x3JwPD{r;9!l|sr67s zc%1r}J!PitGHhK`Ih~zsQDuL(d~9eK8#vNhJ;6-gK2100<)1va(c5<9!HPv;e|9Bn z2)Q)xt3-0Y#{wJ2rJi=N*%tT%+9sJdykC;ORy%nOA+e~r{I!sM56BuKxZ3wgH5JI# zKlt3dbG4~HlLeV2Mn&;#71G;GIb~DmnX`1H%p*5`<%{Rb&h1$StzYX1rqW z2Dr!-J!>DCSByJsHpMt`IUEwR!Rq_0yn2YpB~0-Q+u~9TO-mIMY|N+Q@*!q*hl{;i zX!uwDD_~%i*A%Cq;K?t28(ce(H%kD)fVKZ}RdNX{A3BRV8yBYqtuU7^80; z+xCTCv^jJsW`faJ)82F*=s6kez$F4r(FLY<02gMfQ=*z3(^XjdnO5=^RVPU3TKt2@j~xu^xuWm1TK9bS)K?@modGTp{q-wDjPpH^_()QVu~?Nc%aHo z&4dnLNV4|0`1pxpn&*7A^56Cr`r-o$l7|>mOZMqAWrbVKU(+&ON6TJUrCRK*$?=Fx z@o<6qeaThB^M9~oHR6w%mZ#E0$6-=hTjC{^kmf3<>21ADR2DE=ku^6WEaY9epWxKy 
z(Z=hY$_mLo9qH8@r#OdRAnEHQwn|6sT$^CWQ}i-7=2N%$tQ7}fFBGk=boHU)K9s+~ zuoi`rqvkTLG5)Ve9$|)13*B~?PPzwk=@RT z8ak5@qxkvhRO765be8zMR0vGkM~CDcM1FNs>U+E{U{7$)iao0p6HUKuu1eR#4&3RD!ljCg@OIld;%0nq2Nnm13J0F z8n$e8POn|~)9!upw<$rws3)2+xoY*}*2I+Pcz4#sw`?UV#x%iouYT~_i32}|&g4HJ z>Sgfd#i{9-wDrV3JKY=nte8-_ab%O2Jlb!|2hj`viisihw*MA456NqUR#s=+ z2we3T9MjI3@OK5y6*4FI=R8O~FuOFU=LFE5|lWwfc zxn*$@w19XrC%`uHGH4X|;=ui&QhYwXLBNG4E6=_CFfSYmX2q{E-E|4U*e zU-$Nd>YbuF_%4cL%R=l^uw#RQzs`t@laGsoY~Zep9vFqufAGKHq4`!XyYOkk$>8q0 zK`l;{X@vXhBGX|kduFUBxJT*v*&K$cJ8$MRhOOy*1e>jA{5X#y4eup@K%e!~npOS! z{kA(grFf66fA$+VJTY^7b>Y;dksZ1l+_!2;m711FGd0mun)H3KuH^<~%ZPLrfB!$= z8lP=x3%XG`Qm0{m|FI_@$M5OW)7#p;*0H# zN*)y;#`KCj|HgqGOPYQPeG*$QPo6XAMct+0*=4;8#WH3_ihjy;zWbvKM|xUEcB^37 zXlVQKhIkvjJ?JUr<^Jc-sZ~P4MD$hT1U(n4^fafW9lfu`7^;|$oacufSg1gzxVYL_ zH^9E|#9uPQWG&psc%x!IE)RsRyH!)5I=Bn8kxoq0$5SA-xv_2c9pC_%ps5`DelmY| zOb5yYL}wx7dWGB0Y(9<}@R8z~h!lSvU9U=~(}5(*T1TE-Kg|XYd1Khwq)GZP%;B!o#5nb6RB2(dCu~ zC@nkW4%-3ZMSm#><8H(dY3l@82jfBsOEYk{(S2uizoTxEhDeqMEIi=MYj_@rWql2o zChBCm&7!C*y|z-G9Cin~0}@j5{fE@Yi|6&TXC;xtEzi(4$c^95%X&X>20{U{1zS^z zH7B;Ft0+8Op!io;fALZ16fhbePUd}_NUodfsO$XD?OAp&3ZD)dcnaqj}M zSqN*gOe8U0X^YNO)7 zo6LuTt7pAsIQQSx7gXn7QGC2X2n8TER;^sm!B6dt+y8%P@UOar7@(=qzk!DA%*mAe zotIsMzO$eY!-lPfefP+n8@(Zo&f>A%Baf$tM2TOYl}vOMk`R73qT zx=Oh`NXW9E!B>zC`!@8v`hvZGu6MQru+~8Yu-ikCs*n`HmeLiz;PYxbNUiAJEFo~) zK9_mlPI*7$GIYjl*6jOl77Q^Ie`cZV_q=h`aW9i~_}6`kC?Sk_=*St4@(Vdj-vS0u zUnzRBHxaB$+fGY3WxH_Z|K9v?CyavjAOuLR&l%tn)IH*ON-ESZF3P`g-uX;0JpZ^9 zEtgsyG+=>9(T5gT;1AxZjG3b6<+gmj;A*(>e;WdPZ_3>Kn5SJ=buN&dp5`K$m4KVU zCnQS5A&0Q{nX?hlmYiMRt`lzHsls}nT7W;KUOPjccw@-@_rs+~kQ}x`m-+!ZaE!lHrx3}PZquU`# z2g#S1@GBv;8D#KvU8A$GCTbNX%6iESHSm&GK*f*ZmxsY>M!_F(puaa9WP=*i^I%#& zl?cNU(bF*&lnXEfwDaogF4+Qs@S!SB5;pyiPl-~#5N4vj*0Yc-x4?C-Q}nUV=`08W z@@h}`fsoML$f|yJbD!#(RZHBsf_juSxt+KUmrhga6mDN8o&@zGbD+x-q}RES*WNb#ck+kv>KlIA>g&PFmQ`v`&6D13IHq2v z-C5omw{ZM}wPm2)^31Ah+Lx89J{Si3n10pZGx~S~9#hFO5@TeK~f zxn|Xvm&1h*2i0`!bA3BF+bgh(hPj5>s*+0@vSQRzj?*)v@=2p!p34EeOmQ>>rE!P) 
z03+vrG}v}m>eLpJay+~dSge;Ux*^<~?p4MSH<6#B(h=z*4&yEN^|iq$v28B0b?UJ=Q{hNz%udmmh1UF+nyrE#vi6#?9}0 zIQ;*bdgO&66XL4}eYE9(@us&hL&DjHTO$V~LPp%%&5;9eC9E8Q+K;Apf+|*#00+wt z7uo~bCt+#Q$|u?;49!~s86NF5tGL0oDR@C2J@*WFr;GjfIOp9M9pEYHr<7VXD0@bB zWJ*GUu7|_m*IRo`nEKcK)fI19?<;fY*QDq532^S2V>@-SK#moEdMn0sJYsb}CHul5 zsB60_;ELB|i16`%U2Ms(q7f>a46h)!u9GW+CXGMHKhKQBUCUawqvI#|2G@_yVxV`V z`TKnXh~9d_?#mo(?Bx3Mieio4IkHg@=&ARsXm3beAvJ_KCczx|cON8kD+8m`3MaN< zlUorR(OCiMI}O&WP#m6+xW}bv>X@d581DA9;h3%?{=xHsq+hT1sP8dEMF}n_n_I(6 z3;L`+99PF!aR6t5asocpy^NDvr&p5~AMQ72P5_OMZgw;+0G_2$9r-G`g{ zgT2iX?Z(@>s=EJfys9W|uk3X~Yzv3)>7>(pbkz4(T~Rg2zGlR~#am!`N{A?*$$mFJ zA|mI@mB83?@R!&RjO`<|qNiGZN!;71dPvJj-9Xuw=Iy^HuJ}E^rI?UZ=MW&@-!9NR zShXgl*J1XaGW2Z<*F>&FV69P{uv!*kgq;J-23=^iawlA7X?Fp2iQ=DEFWsC zvM^tMM%gjW;r`28_T*0fF)8z`8p$@6s`cDKLyLi^v^~*a9(?io-oBL1@~hMH1LgMy z4#G2imGfXq(RJ*1U+H8xCLX*44i_u_&k2`maeZ0IegB_pfm5K?JE+&|{k?nKR`*in z3{pb;okWF;gj5voQwybK*pKT|SWV$UsVUP)$CMZ2k>*9s?RoO~aAFL= zk@|&iKSB;y0>VhMGpC$_{TZ&DAyprW1K+{7O>##mBlzg@cxW|tpcXE{SO3&|y~G(y zZkq`Y$(C30nzDxvR9icL?CnpltGtfChJ%U4T}LaiI#=o!`)J-;ld%)8`uq+CVt=Y| z*Q4!BGRQ<*EQaog%UaRaFee4m;YTVlrKbWcraBecQc>*!z{jT3sLf!Oy#kgazE#3Q zm`W4$NS4#JFQCJhkUFuv7h4|DJonyEnwi&dDFz{5yu}PTM%O>&c?|}^o2x!GViT76 zE!{F~+|BsF@u!MR_YlR^oLVau=xg$~_@UP2L~8ZGFa964-YGhhs9W2PI<}p3jE-$P zPmB(p*mgR$?R0G0wr$(CJNWZ%d?)`tT2-^wtWjgsLDjt1HSdM2@{+fZR=k1a8Zi#6 zqaXswNH;4s4zy`IDq;k3eexUEmpGU`ymdJgnJiM^ue`c*9ip(lDyFsY<9Bg$a$Xo$ z11jo#O2=M!1Vnuv`(Hw^7`!91ZS#Dtep5tg4sg?5$+AbCwycLoTZ>JkMvt=(<<}Nq z&+9*A8wlBKMW2oUiKd@F}eFYo7Ax^OT0?(ncH%cNK?|6rz`CDN@5!+xbN{COY} zPF%$8R+?q!@zzPds0n+}k=Y-k`PVG>Lwa`<+3IPg9=J<(O4gTzo9KrL=wAzzzIYly!8 zuulElP=9N{#p{M8w6IvedefX|JsD2$$Ga|k_tYF*8VusH^n7EQH>PU{5!K!_MhqM6 zQSJm0CI;FA9x;A;iZ{he{pRV1ke@pj5qW9FtSDx`QF;i2&U|-&iZXHr9tCU# za%_Z5tv~Y8DyAn$;6Z<}7vivT672R0%i9ThiX>5hw*``hU_w}RpgHX{aqdsas z8KV4+xsC0a#Ujp*wGBy=ii#A=)t=7dj~uVbPfz>62yda-j^OXBOmX?;jpP<(Ko`StOdzj_7%G9Dn$sK|JT@V zR|;%dm`0~x{4G!T^P-4@3c4oh&d+=xRcvJF@ZsYRd-?&p7zuq02I`r$!9$j3&9AX@ 
z#k!HUnrdC!74_DzZidjWzH13qUrboR7%82m=Cj50p`31+Ke68IVOdh1#*AP=hy z0B&8Pz)NMCqgRIiTzK4DE7w>C{SD?Z#0c|{r`> zfPh&d(ZE#<_W1rkBpisw0^AkbxxP=do_{X+pXw8L(e&LJzovOyUx~yOkdp%Tk?ad& zCbDK8&xUBi2t9J_RnRVd4zfp^Jyqt=y=9GPthIoo<4Szinih5AH~}pW{I=>|2bsKs z^cUQtb*N4qzgWG2sVFqroRfa~!9Z!I+R4!;RkFWSTlz8Io0Sa-b(b4<={iKi?TS4P z@3+yP6f6kG<*9IrOge5Ep}>XG@UztHi0g(+@b@+B}(K zx>u`8jkWNXbW@uGiwf%-oSeP+d|1+TG8iaLeQ;th6HYby47qb*7#bu@oOi-Z1YCdb zSD9hDbt!zSV2-&6UlI4AO%C1frTkyxy}RS;tM3dUAp$P9-9&kUL^2_LhB=rZ?X-6E z9v=yzS)PBwsCfUILitS7rtt8f?w27NArl_CjK~k7%a6w6-HKoN+MwzuZ^V55%w~Q1 z8t>1a`1EmedJt*;BFYm@@a|ZK;$ZB#nG^bUI`F&##pu7men5l@kq97qL!SjvTIk+g zwX_ng0QuLaRmc$s2V1pb`>=JK`fQhPa8DFa8UrTTDHtju*iefaFB;Pi^n>r2vVi_B zXb@55goO}p?Y7k_Tn z(R0KkxB9*JnXh)X1qeQv<}1-vC|&vD*kf+v120+q3SmIfF?s$PR}b0z^a&+FeB0-% zdPq0IK(va{%8~(}2JHd|Ld>02ACqXrx{|9>K+ScdSIc#(xVVd+L5Rw?eXtDp+b&euAm9@ zaKw`6c`UJ+%F)W2*$Gh1jrewd8Ol=&w&u;>{(7ohp?pt3pZR^t92B#c^#(jE3v%3@ z37X>T6>S~8q$arfN2O#$wwc2d4u-`o92rh<4%To>#XTG?LB98f{owB5VO31{jd$h# zCN*^&kPK;>qzt&#eQK6I8C0#EyS8_!Q;Q z+IT_@UVOBJIUwm0;D5F-1Q^!Q585*`m=x!6lnL_(V>$~;wuGL5;-QIGzlgH>xNW>g$7xTpAf=yPZ6V?VZ^o-hgRkm0p!ZowdS3bB-?)WHsj zC1)H313ZQTy7nt1NN!tQ+$pvseZ>!XXhlJtGWt^ZpJP3h#Vo(Z1K4iT4k4qn^WAnpB4y53#L?GNmTv+zXF7e)i&5Q+t%rQi-lY*Dg(D+GUmAqCZAkr( zKRj7cz2~R!@7(ww&a7Up{Mr|MpjgM0-^(1dTT80Q54JqLkg$MMkAJ!ZD_`r5wtfH%T2K06fc>FIuE{~3hdPD{O1 zSinsp&?3}J?&B6@cFlFdM4kQdzl@k{sNvV$D=9T=vDiSmFiu@#bjjKJY50YZQdc6| z?Xhf5r@m|Q{|^qURm@RI2?T}@?BWJijob1>A6KnxglhrbbRIiVGu2b8`ehKWF}Fg` zzNA7&K4+&Hyt&zJs26$>WC2fqo6mUkh~ieNeU!3%IzE}nQSzdM~W>2wo`}2RMb;fF9K@RNAWV&K*O|{rOtv^Udl=lY0b?Rv(+>#?+ zfjK0HMVOr53Jgl`t-(WK5EjN90jX5d!qJxZ|Nx%+>GX6;*<&8F7g7$%d>81zzwV zGV-#8{0hm`@*GTC&0;l`Ql99KPkJXLuO@zlnj}c!CHaV~PL3H5f8zJC07q_HI}v#Cgi;aPfScvfp0h7S0vi@clPY^^bJ zOnBS+tFLdZbQHSkOpRYagOso`ag!e0e_yluOJC&T3ELfEv419&@b-vuMUxVWtpFWR< zlwSgp)KVkKx5+7Pt4hKeNovH&<69DKzT1KHdWjB|G)c2$pkAdiH~!XS%uirG9FJ0g zLU1zx>2DLs&-r4$(h*7Hgs9DRlE#YA>3zKerP*oOolo?1z%J1qF|+<2?3;@Ikvbb-XGp#ewNS|9CuDmBQI)YDXGOlyz6olCMxgx$_PV1cxYMMoxCH`(Q 
zq`Eqru(max2|X&pSNcfI8>>bnC{)6%W7vH{Onv@4v8RKG zQa3)#kbG(5?q66vWBLg1-$6P-TBqme`;o1$&(CY9kL<78DtIb4D~OVk-MAtwh|Vx$OU&N**eRe_dYxLh#G3TNw4JzI)5=@6WgS5)eJT z=zd}{1Akea^Inn&=a;HIXaM(k>SDMN3hkHLT--wQ1y&Kn3J!z5MBSUs97n?b@ZxE? zhRTHth1#InfTXC9@`n+7(vzQ;svTMUbx21>&?t3H$59x_UH?M?_*Tj z`E~sAwL6|d@Z}Rbck46yrFDnv)?=9SH+>ZANcXPwd3af;;l*b@qWhQg``3+!!*9!o;LgDZ?T;jN0#Z8nyEh;!cX=aX@< za3Fl8C(AUc%kSd`@-SW^j)TVxqcs@>HWD{~8=)mQ+ISxTjW;LYvqPW8#Tnd1=-9-q zJ1Dg3+me(=W9HTZvFxxcWR=ZAk05i*(!;CW^atma{PUAyzHfL`&5`EJn-FW6y{uR7F;qU6Pyq zCI-Lv4H`{xalPjTzwiu*v0AR!CUtA_v457@C4 zy^5Y|Mn>DQ=R?oeSc!?_13@e6tE~{m7EB>Q=>S584%7b@*_NO`)y<1& zf#nqj5#l$p6xb!?1|hwgl<9%oiul723d{Y+9b(aG0Sf)!m;u&=PK-{+pIereJAZ`c zUOgL{?%$D+I~(^R5|^x7)`Y^|Am5hEUenH3P&>bz@Sp5eDAUcDL9RPMKreLM>_;9k ziY&@UJJKJ#v$qRxjU_vMFV;^Wx&F-zUxa)052ZWX844)kU6)!NWe+%tMK22_9xRSc z<$0=KMDI!?lyc%(C)NFSmnIS(*6kOmy{KSY>*4$&F=e>coluTx#oo>L-D{XGUo)|n zVqkZnYHx~6-q$opGH{!R9*zT!E3`u^=D6+;`?Ue#6WR; zxr9kzo1&-&5J6)x$=GW7A}%DP;Gcr1rHq1fhyJ-|Teo+uxCXFoa>^^Cqa%Un{+8|~ z_A+G=FdZ_g73bXrYZ0~l6VS;R%LD$_6%a?)w1knjqYv_eR-Kh1naJJgOBvEEM)PPlgD#@nsyI(wYMo zB7@-1Tr;K63|SOf>{SHHlS?~(`ZV8&!S(w1VZmWnw63-oz2{(u_6sxA|brV#|R-7bSZfqC6 zKs-Q;oIN;ebzZ^-*~?s$wDAu_XdcI)x?lwkJg$SINtHS5x+k4BFYPhf(Fu3@Mtt2S+%Q8m#yR=NWIs9h!E_C!M@K;q(iew% z;39<2$oxH*W9k__XhU08aN6VwGfyl1K;L#_?mnXDUnLAH)$srYh@mwGOf*v61OK^_ zx)jt3p=zm`KYfFnXqy2m;7K(!3|aN&*cE)j%5yL4FG4oTF3l_&ZR;9GE>8x}&GqO{ zSb~VRhT~(mISBN*;J}Cwp-15}J#-KhZvv02`w8=alEzKoFB6V`VZbfZ^^Fr6io7kl zjOg9c_JT zf46dSZi8OH>~J7R|K^~4^PUX!nyCxOsvHazzq8K6Grh0ee$-WJSXVIeD}0C-<=cLD za6u6CJoAPSP(}*H)ph+<8l>iFyHN*iP<;HAh|2vOH+Y5h67KpO_pxw|$ z`Ro=t1B}q0+npMs#$Z(u)JM5~@le?9 zSZC9P*fBEGj>r{Sbd9JQ4|&EE+!KX~AS;V9 znN%L5;O9(3Z>+5q*sTOR703?z1BCngTjKe+Jx(qP`y$?a%l-*_HLVZA5sDjGjb3HfW%H`AGCFYXGuz9^EiQ0g%)L0_|Rl#KP~y4{Vl zTQED`+#$Y+Xa9%}G9c^LIwlUa{agkPs@xpwxt_*DjXX)}UoyX2&g>$r62P8KWS^_R z(q-M))x?-&m8mk3z5Og}k9MHC4T-4$5{o}}*FmewWTX?}2BT@9Pv<^dOI;G@37 zrc}`^;dMO~8tdmh`Loj*Tu89tPU{q3f(njIsO1FrB6Kvc$*Rc9~i4+L0baO1%j 
zZ4h6~7Q7@3mhNQcJK2Q@;_Afb)xL;{G>5=emM~M{a3`@awVF_?7TzEvmeWRGhT&o%Z#AtEU_~@vV;m zFuqkcf5q8dITw{DbfuO@pnHTne8n|*TH2#7#U#lqxr0iQO=P&sd-MPtZ6znNQBN6g zorVOB+*fv9jNjUL<}cHET}rnW;M3;(tzFme=pxg{>ZxE;%6Zqu>P)2L`@!|qhrLOy z%HC1}=SrqToh{0-(RPGp`KFtpFZ4$`){6{tAu(+~ka!Hyp}n@k@=i>;Y4QMo(` ztE(ZQo$q3quaY(lA5Uj<6Lf$U1dI)o*i~UC&IJOqAq$FH{W5af66g~pXYK{V%*5?3 zVz_5E8yd+$!hWlUM!t`SC8u@?KbY_uN_n0*n!C5+Ll@7z7`+%BI`@bo^)Gk_A-pT{ zU6_PI&<5oW)G60d-tJONBpt(QC(}UXn5rgL%aU+y(qdchna&>(=%YpxdaYMRLPNf! z9FUnZv^3AQcZ-->5WT4yI;y#mZqb}I45MH^7P{g?GnTM1>0X}u>5}KH^QI#xzj`U_ zR%O=Sb|8o!_ZH_4($3!1>jF)Ha#mg@k9+qwu2dE6L0^+)2EsRVju5^8CNl?ztibm{ zS})WuD`>!6i*@HGBnBQBy69|BLZ|^4O;{IWP;vXw2 zDwvL_TZ@UvvYZHfcD@fOx%+ z6mc|{1QXW9gb+tw14JiEAr2aA;4b^ z6~YS2peLFyM+I3!B9?>FB8e^%8fQ@oBP#B-j%>4_HXl5b z&z@!tCSsAlNk=TT&elChX1iQ)d%$j6wOU}a+&PqBK84e04{-+00ue~D&t}>-iCu+K z&t}pvB-^y^dbsVS_^(Q;9)YsfO<6o)xdP{2%5p1HJi&OV6aMf171IgAFGukmTE(>h zJ+?wz?7mvq6C1=a)WTD?RgfH2!N(`Y%E}TBUn>mcZUQ??xV|WcJ3x+h-bp|nd|M^b z2Wnw1K@$$VY+~j^djHS_v3?%wEOdH*f4ntLx|wW_LEZ%zWAa5GqBY47GPB|Y5+n=f z-**!zPH4q7QISxC9RYgj`uat5qMzY}2NS>jP(&6cd`o& zey4E(bYyl|H8Nk_HeOiJM#8BebJ!GRb1W$~frbVkdMqVw-*6!hb~@FN9{VcO{{9gB z3WfCWQiP;!LS?%Dwy2w6@Ww;(J)>t4jG!Dkcxr}Fvnpf=cTI*+63lO);YbG65RXwr zMBXPEZWTJ8U?$a@O)td`_hS(I0KJ7Ulv%OPQpkFk0joNsp$%9M+F)dLn*Xh+IaEAl z_%4kt*fcG18)3os9toO)K4Ei$s7y)qQN12{sqIGALa8Vj^5`rI*;VY+QSIVI?k%vzk;>0O{ef_>Zw>MZLjkQD4V{M(q5cFR)g;c(wVr{p}HhgEtMt0rq&J z5^mj(m7KuwZlKqdy z6J8CNfw-OqoVDJ*w!~sV)Ugp`$H3EpLBI^VDcUN;z6!HznSmzBS9w)0^+6+JQ)_S) zVChD4KF@k>HkRc*H(}ybOFgoI0wF-+)LiDl5$$imWQk4t(E|(r^8r{X+4jM}JYuJn z)7a_o857^C=KARy8E&TG+G1KZ5TUR2BtxB>GD*jiu5(`MUVDx=E^>;4liW#q7S&pXYmfY^eMpDZQl1A$QXxvL%j*k=UqESoZjEFZO zGvps4y3bX%Asb@xnwuqbnqHP-d2!n^Zt02{gI8kgGH%hkdg}~05ejB$#M>nEOyduYct!- zCI{w7CLeN(D>sk-R9%}bEHv0|U##_R9uK|vDn6E8+|m4ia1z_NE?Wb6xdCyuKd`p1 z7JK3Ew;cAAz%!evr8ijtrSx0c>O=Xb@r@O=JgOSZe&MZ9v=S^1TJ?Huez zSJ7Z^F|D-VcqvvyRcfkSQ13S#Q#Bkz7~X2A6gCI;_6MqBXr;ffk-#(c# z@i&vn%1S0#C2NS3MV2D>T@+}S>a?E4N(qHaqY&yCgXK-sO)*`(g6;gKn37afl(|2& 
zwXN}4KHs`!J#~D&l)Gfuctsp5E;0ML@ow6@7z={YIt(!_ITD~g%A`#K$fZF!Xy`FY z04R8dgdvCm`Zrchq)FielwVH4zyWhi?2-d!@&2)(N0aa@ ziZG0IS4Qv9EZicojiCKnDuB{Y+{$I)EtDw=Jr;j2K^Dy9|X|K`Cm*NBBQ~=+_Y3Cr5Pj z5>2W)AsmaISrQ5y=n4~9x;1eMVlBDcGTcHrKLYLPio(}7gQ}$rT9Sc>cuuu$4jjtI zZj(Q(VrM30?@h7>CV%5t$G2ExQLnq?(Xq?TnDqUgjIX;Sv6WB9@qjn5NHaZU8lSGm zgYs64RH|f?Y%++SG+iICm{ck|<#|nyos-68+lLnmCQ21`VUtWTfrprxFSRU|+_wX% zu5u+D$Q?Ik z(e6a@J;pD$Igtbv%23`F7NM0|mOfONxl1p!ZmDM>;R;=_PD2pjcYbos^hMAAluS6c zR59*5jmlYF+~`cJUKYzP**|R5?nw5rbg+p6UD{njs<)tVa}=qXVE6o?HMcX&9e94X zqj^<6=z7jsCB9eaPbA|_j6TOG;%H9b`f+}P`hz|%^Z~=BoTzQN%JuxIn$f{3el?@D z4PuG*7Bg1|M12$h=o<%tk?|J&TY%>I-Z1PUG3PyceL^}7!vTxCFrCkM zJQMO&OPv|n-}_c8r+)&80zhx$*d(b;TIA9G;0cUOS_b9QROHAVw$^O6O+$PAWMbg>#E}m z;!@pVcoi)Y{rs$+idf}C0)BC+wPk|Vmb!KANDS2lUy2p$g||s;O7zxZ>vn~JXS>uJ z^V(%`l4pDT%a15KuS;(@+%hwTtEcvbO z)MCOEDI6=dA`UB)O1CQv9cn?ejy3}aBv*aO^nk)Vf)(lcEH*U~3xpp0pEdfV)}*kt zA|M5~e+-3dhsD>Qe$^4>(4rGB3tNp;-&kymJ$$!=*S4?8gB-mHo#gbU*<>{E)oT|C zyLMsCi1|q|EZ*y*+eJii-sX~nL2gymHe#N$g{>PJ`3gt0m?2>Z0%W*6$xRuKPa;bf z9>!ul4$Z5GqXJVPFmi8X{%KIYz^3c3;+P$|ClvI$jfX325S;W;U8v&5RL!}n|IPDCCUVvB&wS#EVB?&q|4f}X#>iRG6>>ez?fi8C7$ob<{Xbv z7{*-(gD!^dB^chjf}@Y|U9Z(LL)3@nA(=B_7yUwFhiD3&(;K!1clgdco3rAT1!c(N z-5_BO=;38`juK?bOBFPPFG{9ea|UImfJ7suih3WC%tpjLkv#8Z%flA3V*Qr_v6t$I z?$|qp??fssGlQp?#v~+yEeE=(s+S=i$-rP^CgLFK#z|oaJBK2MS7ylQ8P`3q5<>rP9rqZov$d?A!I)E=^7oG+Jmz*cG>Cvxerg$X}&k zEMQ;T1dDF~-fPL;xd3qGZSIfK0B0_nmb`zDG8FM7a`+iV1kIRr9E;W?cX64t48<)c zjM}}_KR2-&uhUr9?NHM>j9J|#)0nawjyBC%HB2_fW4W%reM@?nO(D8a3;Cecl*{~n z;+Okg9p(H|Ow&m~0MY!RVv97t7VZu{q6T`q4%*yAyzxS^4KYR@&QCR#v;H>2poqJs zpWfRex+>MpWi$=U9^h>#B`NA?Hj;;otd# zMhLlt#lP9ZQ35P}6`=+onrMR%Z6;Y*Up%u*mwP6PECJ6*A{5BK5)_G1= zouLoxt8LUTfJ7*x5r8chQom^$$bl%6?~!au~Aj1-S*gcM!6r)B*Dk;Il=W`q?dK!VfG1GoLO{BXhzTx?lm(a!E# z#+xIJz&kUpq?8)>_wfdZtEcYh!|gG3qxg;Q-p`CYu?Av(@3B<7VV(kG$cWh%sH3Xt290{$G`sWm;!fyk`QMJkLYjEOjwa`S630 zrFHRnf|*maxw@sd3mf!to}jM71~$fCwxit{hYWJR;S|#Rd9s8 z@U{_aavS-)IL)?uRT-A~AXQtqjwr_D<~)^ybOJ=@BZWW!H1*pVBd{=3<00Wm`KD=` 
z^b(uAU9!;~8c%e_%%}ZSVwe%2L%XlNfFvA1h5gp%>cw+F zAHQ%W-pJSzd?H@WSi5i{RysqWB*UckPiYeFF^<9|&Y%g*MGL&H(r@7`7s^t9a z$L;F2c2(u^van%W@PKND>vR3f=Aq?u=nGBGx22kU3QPooNKe|97nf>8lho&Av=rQv z4uIlWk-4<0c!|Xx zRw>-wIv`vD5ZQ!tBmwufjPGN8=1`gasjLy(IARuF$$ksXe&1ilGGVD-7^UoyoR?+E zz$_-kmrjz2;OXte=l!5CL69Jwh&eONqsKNxNMCu$$+A#mER`qi&~kT&AnmM$Pz}#uMU@>716)gzqJ&tJDGa2YjNJ{$M5Z;HBm7X&eT72MP^>e zC98BFITvROe^coWsoXElR$Gn`ui&i_U>hi49T(`HenlTIZDA#gCTiwEt4wscs*?_g z%K*%YNNbx!70iOvYB0bpXV9ma6R*pGXi&SErCGDi^PP>2a#Ito%Uqd}baF_Zm|dV& zI2$j??wO_a$zx%g#Yfi)k%%XtM~XLR(9O}a+y7ir?qii~Gz+idP<~*Qs#xg?xD|O= zV5Hll$Bz*+kB6N#JG4#sw4+2EtwV~j;7TRu+@Pb2n!~~6VLT^f*QAC=KtoI0S$}Ml zdNhZ2-P`&V-iyeN!ZR_C(3EI4lQ@V?fwd7t+CbJ}F5J6mV=@2WS7bA%X*e%DCOFTT zQDhG0y30?XXcLP&!^!Te!7X^7I!r+gf)HlAomTXiW)t5HKr#W}G}U?ZEoZ>bmjNhpVOE0!s>fLx zR%dKxEXAL|@>v}($x~T6v;UGMSyE?aye^Ir2WgLw?oWseoKi+wGO2D{(R%_=`x`H4 zwsRsT6WafBPg~OK1q9ldq;cGn*?cdFBn()$ORhGdS=ZY8v!e}JBqv&9xp}NjtQaCI z&-2Q}Xn1FBa^6H3BwADo)nO!9@vl>;Stct1wnw)E6V>KQa7?L~-+RdF%7xlk4T*iT z;~-toz8zCZJUSrCjF;Cl3>gv?HtGi5mUXqs)sB3hD{jpD^y>uWt>; zQhNSsnEiw6S5| z*wD7$;5UyyaXsB!$WjMXaFOPU~Z))1_0Z z*(WH@Fk#|oVv)Q?C#)Iz5v)accn6kSlpmG>oJ{r=#XMf&=5~Hdr+a%lfZsa?tZy0a zfvMfEH84N_ze|#DIv;4b%nz9#t6zWg zUbm&5_`rqw+2uM>`_n_PY+-!_Q3`_;Q}ihmo$@k-P}k4ats@Vk8(WVvg*{4T$ZkXdV> zOh)*`+Gp;FkPU9>qYXmW{E1~x1Y+lgMBzEoi*FoL7==Zw_usYB@P=b3{`Gaa)LQd5 z$^vx)`(vbWrpwGoAS=>~U%`t>=|3ooIg4H^6-gO)$bu%8ePx5&lvocOL~GXz*oHwH zB;FHLxilv{`U$&qt4?Mtgx7YfZX)hkncOaaYDOnfmYkflk3i-G)_(nM#Y50?!u;T$ zCj3rzo?S z&Py+gb;#E~=F6+vbTvWEL=o1c$ILEC?DayYK?~*x3Y1tXDoYk;8V(hzP7pN{eQ>!z zWcErZ*-b5J;I`pT{w6bXNfdTC-qXA^ez-(cHiqhH@}=9i29fcnKXMluha(r@xSrBD zWq903KofWdwWR>kGx{WGcY7T}r(a}=m))WSGE;}P zIcOxihAySYVvx!S_lZW;RBs5>RuZ{2u*NV9fFDR7U z1MOw0rU(JDn1;_Xs5)IsStv6jvx`=uJ&58zSRXvB_tMH<+pc2KZNVg=bz1w95{LHt zIqc6Xr27$nOP;=4#UDv>+2pe!MRCR3NIrtJ1=davp>))R4266f6A6Wh(9KtM?nK&h zwUY9pGSOdy76mS^T#*+8QlLJxl*{Qky>~WM*KQ+%T2k|m=)n~hR)bknRA$tZOw5Xa z6`EVl#wmY#$`y1R=TsQ66vgjxo0ESypMI{bJu#VJ)%(+@Wi3`ZM({>7aTY{4p3*WX 
zG;;ut-f>!yKsYR87IeOeQWoHA{|VKh%;w9>1OdCjFe7B>57bvkDAt7=N@Fn&|C~~M zxW@e&|2o8>kMMu6j{!AcTm)@O)i#M{Ik}=z-CD*})PFoYng2#fa0`|AIl<^xGnnqb zzCKu0t;g2-+B(p_qWV89cI{cNM`4E1*0pGWpZvL^QB$m&REF7@UDZ|UKM>5jZqK;k zli%>Hk@;WH{)97JlYQ6u=S5Z7sc&CxgV*zy zN2j94qZ{YeT8_uP^U;chnu-w~0fOi<&BZih?-X{WnJ;60KIJht^HS6cP;HWnsscyh zLv+i!V#qC7@k_H8a||xG*TRu)r<0#S*NwBP0~(y9peso(EUkRVjzS8aEE^-U5#09ne<;tHhi?2@Vo9A;07hv*38B%Wdq0~Nz zHmcBH0Lj!56=|oFJpo~e9E?AKASav_Nl6I8)(qvoCEOh4ZSB_F89#Z*9oWgmg*%OY zlh!YR>$9w1L2|D^RvkY98~o9?iOFGMBq$X1`GC&SY`Xm`3EimW8NVzh$0gk=;W2`G zVQ0BbK{B@%^ZUp6Nb7F@t!7Dr^$rB+P<+8K4 zU^EmgHE68p=Iap}poOE>R#B**SqVKk=4MdjPA_vuc~w}DL_w3h{8hzSkp`bLGmEDa#D-N~$bvB3U2RwQ58ukS%-fTToRkrD2`IlAZ6g|G9g z$eE#2K%3C4!?EO6PPGB%aVo<4*gjyB9a2Xe^$e2G49OD#q}$u*A@8?2$Tgebv$h8} z@Ql4QY-$;oiciJ+1BWzt7aT2Bi^q0As2pcxk0q`orru`-{4_Wq56w^=OY)N?f#bQF z7FbOf-vOjD>n8NlRl0TjZcw~<;LqGDp8rQCUHp9dz+af?_57f`47dB}AM}wzQ1O_)O-p(z+;-NH zH&1e(F)r^y4-yK_hVhWOpD1BNHMbkT65FPPLvmQ-{0&vpNG{qV&$ z;`YMo&zR035{2nrZ$0WB!L+nECF(5 zt~ay$)Cmt)dWzy8dm7r&Nt!Xyvf`5yI`LM*k1b;1-JxTyK#-_U_}IwNQBtQNCa!Ny zdc`3MeYsBR>rzW{g)JiF5ELydZs3vXcMzj5y_j%1DKilC!vEV{{2;z-BoalHRy(8c zP5N**Viv*(M4VTf9u)7-G@jn0J$DOBn+5lo$X;7GkkNzB{dR9~dSm-b-G{LlqnuzQLd%cGC zKUCMb1^?60*i9PXYgIJ;S`eopNP%4$RnZdK>l@Zl@T2E+j7qw2FX8{=>z#r`iMlP_ zvTfV0+GX1|ciFaW+qP}nwz12$+4Y~(-M8C>?tWwA+`CN2yrmMlz3O1#L^GY!L}f-Ve~y=n=J-_eYUGT#eVZp6b2D zu?lnNbFm(a`0GhsX4NDZxYPUyNA)Gqj8V}7MKn)KO2H(+9vy8jRu-*#B@atB^NLH1 z8~0M@w+AH%GD)>~?xd;okSCAre%}>ZXR@?PtUSz1Y8h3!jCt^CnEF}`KdZyfRyK27 zhw%)*RAeMqI2KR3_F660SL*(L7<8J~e}^=&FDh8?1&EVi7ANViNX5 z!^luz-GN!WSm;f%H%n*PoZU*Lt{yl!W!W2)DxA%U8nXhWE)&Sh<=ITdN?gtsr8L36 zca%7rm3o{kN|_vfPfA_Rmt?UH0D26Xl}-Rt@BNhA_3#33GV_A@B-*;eOWkAHB-+y^ z){1E>4kyFS$U;FuAT%xA!rySk4+9aq$C<*bI`Yc{1XgScH2Ev{J#S9>BQ@tr_5F5K z001lg1m#5O!qdx6KA6hRpbzTGjT*;WNyP}toKq`QbdDyg>N7zPZwXSi(jBRUUSG~- zZ{~4fOOC90i;E^>e~i1|zvJH|2;-dpx_n9rq4*wU)zW79jt)3DIni8N>g)d%=ZIAY z`HvaN$)|z5w>-2 zl{+`>1iWy1!BVbQR?<^hR{|+=H`f5yQm!%A%gQ6K?CU&3edi+Y2b!uyT&IpeS=YHU 
zIHcm=b01RpV>KcL(D>9vVmo?wdhvuDyU)j+h(a1(EUYxOFuNQsSCmaNHF<&EDA>nH7x~lvZ zRi=U-q|B(MmTCb4lqH%FK@=SnJQ$q(Hf@>F42E?gB4n$VI{-dujz?g5*>c_1B_mcZ zBQeXESZWACa6}(R@88xXm3U2IopoJ)N!!KH5V(vrJGo$P!|L@(Lw#Pbz&XWPY9KxM zGNuovo2RjP2X3u}6zuNP$+Px*#er0bDS>7o=K(PfCA&ms=p_W8AA&Haj*Arti23DYO7S1&edlgB4Sp|EAKwKlOs(%;MhM9xKrp8 zj-05edx8b}HRy*DAhUn78Z77)KUTKV5vPP&O0#l<@@AoOXluDFJ1IC*d7}0vgH!Dt z_&D2HT_&+GR0;xCwkQ+tjlR|^uPAk|_W9L0>Rc>?nFUu^F4roQUXV4LJFORWyw{wc zfdQrt>p7c1DKN7Yn`Jt;EK|9MURX{A#qa?I?Qn^EZTAL&tUKWQ=C;jM4Nm$WSwE}g zv^vcB_{BWi-m&cD?slT=B;#$szUSxjgJwj@ta0IO=Xd$L4lcK7C|QJ#i^6HD7$KT% z8IJGjKYg~ai z9@M5her0q+)=gFzykJw>{!xgb9^htkmZ3mL5k4l0ywHCwwx!npY8Ww7_q?~v{?IJ# z8E4!$VQb`AHEh+qqPnfdRh}&4!2W(J#he%fiPiOvNq+XY43iM_HFy>T&1zC&Rb7X*(AOaK$uhNEm5G z4ZPT>@&)~!9E{)e+O1kiyS&C(?Ug*}Oen7E<_v+EpXk{+vE#H~az;^YhZGXDk$Qzg z`kWw1U*(w*a;;fK9}Qs>qvYUi#*UZ@L?zTGOm>(f7Oxt);%7wob~k-`mC3dvv@0e5 z%HuSecZQAsz}sNKmnrn?*=4L%Dj?<;^4B<8$~F}}2pN3stz+BL{v?|kU{;hIaFYjT z2n6Eo<-~L$J#SQz3>k591rMK0^9IPr7J2$3>~5MB@&*%h?XxIdGrWmZx14rxSUPtZ z4*gFtllD~CR%H6IUcpGq-%AiwR5&-}@rHiSw@0r8;VsknKo=^b+E*9K*zAjs1L zBnEZZKvYK6&i-Wk)C_;9cBy3_nPAt)*G@n+;UbrcQh+zv!kmHWv?1H`ekX8`(?e`T`Gc&vRf0b*B6GfIHQ`-;~;LV16PP(*a)}% z!-^#-V;#-7oTr${6pCi0wGk|M<|R=eMPYolFh+*eJQ%kdli(}5kIw{}Z?v}aHh#0t z-?(Yl43`GnlO5D(H=G{SaA&7}QNOZNtvRJ>C|LQSfK8YS(>O$b^4j@Z*GtBh&a@mx zf|x)px)L?=mDSnbuQlBdV7U|W=|A=Gyc8QM`3;c;$y@qBsK^iWH7$<|Bmn~Xq7!(W zOpj}{3rYAPkh@XtbtOR76tril@i4`S=3-n)(_qKKy2tjhXFFs>Wo1D@(HrSYaMen- ztMW&y4pnYVaSZ8spS-UP65#JZr)b~dQuC@m+55DSqh?rA&?T7`oyx5uVgUKIr>dbV&2&@w^e#3#b@U5{60;1`Dg+sB_xX;*WEi)xNDlJVpjGe^b7h%BA zj)zi-X7ehbJQsj$ZC= z?p_ZJjYg`YtY>7jycJr;kZ zlXhqA!@kFs5!1%Qf$SD}qCU$9UFH7H(UoLZ`OZM6`R+jO!7KZjXMK%g>0;W8IuA4> zD(|reca*blFUk@ANFB-+*^G2&7vXjWtzuBM46s8zk5pJ`DY5Z{-TLQ#U_I0PKE*W> z8FfxM{9~_a;Sh$wtB3ciuG$Hism!~KTlTPqxr+lWMuU5e#V`=&2x(0jEWX3+_LrgM zCvNS5haHtzQ~$8)LHPul6)|V%43^}U*2otjAH$1ZdReac#!&U%=a`*$zB;n4aV20t;Bedl`V6GDNiu7xM?$(sC5!?TkfS?6KHO5kbd?oLOfQj_vglB(5ssq_#o22SR?{p zpcYA>z&3Pvmp+rtfDUWIHVL7=Iae(|fY$~bv;HqVH!c3gZ0?I0F>aXgDZNRCV6ERx 
zpZ<|2I3Ex%ie4?}um6d5z*P&6wnxQtqVrX`$7u2$r)ejNc0!z#cgFd|$NEOe@k&`9 zI44;A-0mOI!aVZZ zfSO$`8Sg+!$w`nZcF=&kj9-$O_Rx|zIwbi1oS+gGPJmT^aPgojw9JgFiG4KMsIj+X z!;n(Br`PRK)J}Y@FAV-De%YH2tc-<_&e$M~c4@{RDV?F`67Xf&B<^3tDmuOx{iHMf zIjock(VSGk!TMfVFBYd`Oe# z%jxlaxvn)S&kXO6_IG6A;~_$hH;PBw)wc`tii@a@9ZQaSkgm{tisc$9meDIKni7kU{ZGRpj~kblUvqt_XD z^&kF<^n4uE``|Um*pCy6Rjh%rU>1#rF=vqSI{szu&CU*k$nJ&+M%7xz@uVCH4R3l> zZ&#*@kIhE^qgT~=Qgu7oKB%sV%PoWsO;a^0y+o0<<03YVs>$7*+nXl7VuY_1C3i^x zF_U3bm9tu?v;v+)!LswtKW!>HC)ZG-xKT>2x};&iMO}^CBm1c&Rtxto?w&@Hq(Uz? z&2r~Qp(D@f50;OLtC05FZCkX}jNonUzgH$bnv_t36)X33xs`ty-;d{PdB1O}4KIRd z%(n+ytyO&Qx3vWL0uCjg?2`YM&|KXi@gS6EVeo^V61Y?(zmGMPCYEo$j$4V)@^pxp ze7bpXWU~-m3kWPJkX*|tp=q`>sYZ6LnmN9lnTi!y6}?*_u?{iucd?fIsw>Mouh?Pd ztK^2Cte0N*V{5flN3v{ z2o@jj8dmfPt`71MRAU$4TD(r*VEF{w)YejI=Cxl~n}duQ8!F|Ro52Rd@pN-iz4xx| zE|<2OC2R{{mp1IMH?!$)gRffyoczJRWq+*b#Fek4A(O%uEkckZiC{q!w zbgq-*wIJg~Z?PKbCgr}0RCltB1hFqt1RXBp7&cJ{(_4SvU^7vPrQyr2hDlIexp7`= zwD6(5vmRzupKK`}JgZ$Y_j}QGAQDjj;tGnM9`4jMuw}QIb4pTY1rg>y8*_<;cNb0! z@@-YC>tZ2p;mCdWZM5LTOyqvPnmj&FW8dW8kWzf&br{Y)Zku=TP-@o|MU6} z+XX!^e10;_d!XNXW}5AY!Nq0*6c=F8nY>rKw53rd|1&r~`a1=qUXTGaA<8m04de9Z z6$`v0{XZmhX5t5bZ%m`;l6bWi{4e6bBwYH0QtWu3>PBpIC77eZpFIJ z!!if2YR9`0yK3kC-der8M;sF(8L}DninMliXV3Xfd+wswl*T)4F6lk$x!((K%G4`5 z@NLVsdAImY+kBF*X@DqvMP0gnX~50_x)nS`1VVpGuk=~#O0P6!La($(o6C7D_F?Mb zz%5-FYv1qXxT3^!J8i8RpQP}pk|AxF1_Oy3m{=JI>K@7 zPWN`}`O4TZ8CM`m5Rs@wRbfVdaJat2wa+oRu|=~R<$O52IgjmwPt1d7KvJaa?%Wp# zeEtWUCVRo3{)0_?n}2uRpWpfaCpLK*CjIP6{NJ!>gAVlT{|Ad?1EG+v7|WHl{y)^i zit-&@eXq7m1z!bJi_@)u5(pC<&2Fty&#u)Pdop@Cj>0+3AN>j@r4G(I3a24>8guu$kJvch+P)mp5+|h^KL_D*z$zI{+uVI0H*Loln0o%Z z6%G%83mPGFju7Kw8{Z%#UHjP@A7-^1z z$(+UfGtTvR2YHp@UibfnG^|VaV9b_O*0$)~#t9_xCk`MxL6ln1!!siM#BgK9@R0)3 zrd6Tfc?g25#8aCJgyLEc9@8w4@&uxmK&WBMb)vSvwFTDP3yGe^lfK|?X2>C{GKeEA zy^s=wqu0c^iSb5-i)zCs2W8&0`F+OeJO5dORv0fd;M`&42MxbEqgw@_L%BXx2{28! 
zI2>SFFM4<(rax;;(*IVNr1jUJz2)@H{6?inn218SN{)VW?4`WLkh{>DwPtGP}^izqa*U-_BZsbsG z)WY(SE>;Lno^*lFf@?HnKJxVqcEj$_?N}_PUl?EdapM;jj2Py}^$LKg%siU^k!lEe zE~)>l&Re?-E~HVCiG>jHb{iJb^h6JPb2H5Wx1;7YE2X-V)9{cci=QQQlS5-kyePRO zD(#{ba0ra|{ydy7n=yNcAb$rJFG$m8*gdP%t7E~rjbi)0JTKG64!#^RCrVa1P8`Bp z=@)>Ad{UJLuIA?1(x9Wc0phm8UIXGuYF*Pt2{CwqXF{N}7rG#wr$Rr-}FyfpS z28j)@vZ&81x93j7Q>Qop!xB2;iP%IG(HJN=$ z(;^1f7n`4h{R044-aCRC>Q&4jB9QktYF>Yz;R;G?qeIwu`( zy+~c|FY7q=m?+LW7ew1x)NEezDVdnKS2+xhr+2@H8$|5Zs#^gUT`~XCPXfQ%^nd6l z#ruELPo~3v=qF0^zv-tS>z97uMgI@_xj}cyz>8NJB%&D4;7x-+eV6p#xLy>&UK#W=sT4n2_!x!QP1L6HFg`^ zPaOR`{+8)CsR(zz#ZwN>kuN7yi`YDmY2=?jmNt)_n z9kiffeWKTp_8yYxzY$_KC$&Dk_nW`1%J4fpr3#HicGutV|3gY1|0gLm;5sDNQEDmu z9fIzey2K%Js-IJ}=_1kPl_J{5*1uB6<9b}m7+*$AueWxzsTSifintd?>gG5$%%;vc zkO#SEH-=7WVAu0#L-%s;QeYT;+s8{^_HI(VI1Qap%ZMgko$cIoiF8L`!THD&>sFmK zgbwTv6SqcRuU(O?xEgQzD&P3p29;U`0lHDF=@jGg?rO=lxs~6xLDIk8ypTatS&lFz z)9y3bxvU<{HugXQA*vLrZDH;nZ>hqh#7e-%nrEMrn(tXHhjhk$`h@MBroVF8t?P%! z{*2t-vrQ|o4gKm?4*Bw4+YSBt;#%9yU8;Xz|BH3t@2)DFq5F7(mBoB)8!d~qnL>s? 
z-Ow-A=(LON#T*E^nhE)`wi6G3tji`nTgNXP-wA{gX^?@8Cna*=Ct=8{0#j^FZNk?$ zPD7EjuB__0tZ05@`jXbYHqoB;C*2eyj0h=gNiYCL_r=!ugwFK7b^EIPi^y`cz2^a7 zzh~PM^srsmoCyVAEhdGJth}wfeV}G$Y4?%ogfY>f0RLzD>&+z5I?oAauGgsHS<)g~ zqPW*>R49|weAui=wLb#XgR>)2J_ikY?=&=96Dt9(xd_`rg86WEhgQvV?8{u_D}UPMcABDS!-cPZM8082pn9^$?T1M7DeFeu z<~dS+aX2nskmMnPd4 z{D_3#`~$*TEp>PEqILSD&_HC+tPH>tO{PiR$5NhoN-7BG3r*p+len-X`>xjEt^|m* zJt)Q>SXOl9i{NPUp_tIZIIPnBAx4@DJqJsvjWH-k^^>VIs4|(ZWS;xP<~BAO)0B`h z4^B$a*sI^1zms%y!mjz;As$5NVS{_(*oTnJvaO)vV-$_kZ=rCjXHd$Q?K*819aox{ zccRFO&XnzOxaH>o`OQJU{m2B~lZ3g_5>#(>XX~hU5g^xtjd+^9{u>R z)D@3^4i7zdKmX+JWLlYq_yX~+=C*HSU;*2Zv23kehSm>Oz~-JuHnIDD7vr-REuJ=+ z`}f#5h571vv2pp?m`B3#j?u>UB4cBJeb)Nt>ErFHy4Aitcy>z|o5Qu3w@Evgw5)-&$ZCLvTL&|(nr%JJ8abn0 zlY*sh0`UiVVlO?1yP0e3tZ3qWdJD_S%GLeWeE0}$jPzaM@p;nk%KYagEL&^xFgXi* z-p;Eyz_Pno0E;m$i-cyw@t|X2L+y7#T1B~fS!50utLAMuZyucJIIYEDn%3h}Oy2+}V5Xm)pQ(MRyVrZ2$fz(2(Dp`;7yspBA7i%lY2{~mfaE?5FPj=U->ITU3?qF56ruP>v zjOG0m8{-#miS>K-l*W+vzR$Ss@I$?LSnwPC29etDkI2(@_t?S>Tdm^nD^_KCk z2$l?>SljHa2GxM7mMmdLOsQee{0ShucZob4=%--O^jXa_hT$9{@15<|g``r6KH;!m zdu3%@PoBEXjZ}Y$uCF&=#yo^lAI@3!`W z9dEspkd6`s7ozg(-Abo4>QOrbe^_ie+hN{>sK?6MA*3@!Six zoxPikUtMqdrvKpmq}9Oqj}1*5*L2!QoT&TvqG-P40QHqMa2msc55?+n*-@dNMsbD- z-N%4Bob|T@Dyn3x|HA6cD2oyopqCg)&U#|EXzLxA7u0Xu?W`_%oz?+!!_dNeSvlP=Cqkp>-~Wl zQn2zYqL05_TQ-p?=(3?mcTG1Auwj&PO1rdC*VON0zM}Wjp{B&Ym$Qu;O*Soo_w#(Q zrLPKvWvO)?Bg)OZ!o2+Kj(a#sWsPRj^azi}x@^c#FfBNCS;h>M2cG%R@?i<+3F64^oJ7e-0ayf%asNu@ZI_TV%77G zo}5zawpLu?Qp%+sm7DumOQHbX=ZSw?*_>eD)6KSI;X&_b?m=HrX@h&H`QiK}su-SR zp5Ef)2H>FroTsmNDq|hLf|_q>qbIDX&i1&R-DpJc;bGS&+qLLtIirUopqyx8*CZAF zP|Zc?dj=1xPt67S&Tp#$+)(YLB1gO@s(eDzBsY?GSMC0S<|sSbM5lil?csUT)5}S@FL}-f5Jxqbdz%pe~nmNnhK9oICY#2J)G&O_VE;O|upkr~ei|F=v zNb$4BQIb+(*N(Z|W#BkS@!MOxmEG+HKGEh5u`g+Oe=VRb+54pXSYzuHK$+7b@Rl2W zk~B6o`(3(DL?TZSP9U7Rb%bm96=;Qb#w%uaTptr<;*&R*x&WK$n}PH~p1l zX6sDV`hK5$!n_YWUOxW1)?Na?7VDNIE?#uq@a9gNkoW5CIA%lmAU0}i8X&P6lc$HX zpjB5cf{=%a*vKU{!~&+kqz(s9c{+IT@^+?O{8_3OAHTGEKeEzHWcTRgS4*t^em~qF 
zY_7)sgxeF)iyjLzqDQVSn3T%pFqT4haDbU-KsYp&0$!qDo1!UEr6DC^Ik6`Na7IcX zeV6u-9*mRU{!{z(A&CKTg-g5zjNAmunkoG{W#q#8Gz(h^!KceQGM)qtwF)@lDAm%r zsR#WyfNcLLKjU-eAdUtMdG1IzZreg^!32E0%)1A5YLvo!KCs@qv zhQyb|BRF-|P(R(4J?;nun#Bu9E;m(Ay&qA`d|u6qwtJ^MWQo>V$s?W38kASONTBkT z2~`cgAZ(_SQ_`PgAVCmh!@b#6OkVF?ktVaA51cPl-g=*O!jXvyt13*kgp3QwHiJXh zkDm717oj6!ZJluZyY+!JwQ(%Dqx-Z~glYxgWAMlwEy#NrOJQ9erNfDhC)TF7R`cf0 zx;%2X@#W{Kai)>Tim{%GG$vGke|b_N$Bho566LrtT^wQa#k@2_X(z1R#b$SHib-Pi zl0{>l83&ZeC_mF>=Ro5I8QSfBJ=}o0LpN5N4Bs0C06t&Uzm?auo>9t-+c;cYr5aZK z;b>sIFf_X8t#fcVPpss`=`RsUu|37gpAK0fJbH2(Saqua(`WpVH3rH@XUUHdpvrGc z3ORXc3^8^^Zf;h6!+Z5RJ0~GhF1Q8x^B+u&n-uX_yi?Be+h{i1ovydZ+;5}rkK^gg ztDo=3R9D;Yi>q9p_lMl?$Hm;8&&TK9-`(-7?d~VKyQAOpb&@ny#`kJwcW?7{8@l2* zzsXM*J85ssN$yz2h*$rwH`1;@_;d^V+TcX1TFqfA~a&7Oq7AlRWXDJb!YojmlII>F57%aa_^Nej%ua>C}jW? zwQrN}CZzZw5#_h;Pkrcf3hQiPt}ye8X$BV^8{XxW6_}Q93o&c;_o))HPqS?eqj6Y&mks-o){qWNfp*b3|_yOL3e@(x`!lv}Kv`kM3>Q_yK98 z4vGtcv0^=(D*xv9&-1k0&u;E+*XG90?)Q-#AMD4EAqvmx_ueVYPU67fqSiseut}Bf zm%mpV33{rd!?Qj&Iq`jDv}&E?A+zD(0$mDslt7WNTwYulH^He9Q;OIwoKpcHslD70 zXLti??2$sby$nNmhnO9ExD2c_f4FYBwp)5O8on~kVj``YmaIR$4VlQ4>+fV91kiYtDJy;y40VtX z^%v6}yepG7Myt3`68)=A<765r8U+lqxGe(IreOI!1+Lmgqbxo&4=U_JOUuJn4lbPE?7Sa#Jnh{0xhr>q(dg)cGM5wOZx0eqa`-L&RMk5J z1(qf>;ujc3m9pDOm{Ii6MUH;hb5loWYpO=?)hm;mM1lr82*g zCv}f}EUHZdhq2vz4wAEs_}wX*DoB9`x2Ec{r>692d!b!H{y6RV-0x5HS@tR3?9a!O z-Z;JC0Il@u%0F`?BuawVQeJm@G>i>s`e@5KIP5G+c4dXi(kUz2TB;!3897?w0um8l zJ?5H6b5OpuQi$8H*K97Sch$L0f@G+%(ZV5ow_^%K7v6PeZAvc?*KLjE`PXd^`oxRO zx^kI+W><7w;dnP`Ep8`6&Q|KpF1o*GMUxNDIF|3pP)L6Wjiu-u0X}LzTu6&5)DLo5 z`Cw+2{yBkhXLoabo>fVHNTEZcrJ1Xce)-42$GN4|%qHUIC9xPDd zpBcw+M%34ai!XPDXjedeQ!6%Ew=q0H*(oS_45SP(bX5o4;CbEOET_Lk_v8A})Hwqp zYgPi#I0U^5reia8##hB?6gloWFB$k71lIJ2muVKLYyg>K30+&YI>~MxI`FW)!CLV0 zx~}It_SjqAcaYQ!$Zosj6X=WhhZ%M*kP9}2910ljH{soe8m3@bC{9`*5`-ftNR4dS zC}NKLbV#O9!fO1snt`%7E5e7+O%v_m@z6rsJT3rUl9-AgmNalN)LEAk$q@W4^|Y-6 zNM)4k_N|3B#*(X@Fbu7QPF_S#zCA4;rk;(1LpWFo@68s-o0Kf_E!HBVg>wJx05Iz7 
zyE!C$omgGp0F6nHvS|_JLe;@>*d~)-1Q4Kb$!c0Ibd|=dbmjBsD&JwL)0(n+m+pOD z<8hB&TiKc0OBv2-8yGdCgeNY!qKgM?;9k1Sd-pb!iIh%1QZs_srm>tOVZgF{fCF%i z&3e0-wv&DAC;L&%HO#C-*}Ohs!IdU2M`=RE(M*wM^5oAb5)9AtHl3ETeBSI+E`8xr z%DwXzV9VUHMz&~F!){|#%gO-eHwRuk5qwn_OdLXh@lyq5U(`=&R5>lowhWM`t{i=8 zcktn)RBdim2t$ox#zY86M^((LXt2xMEt)eZyQ@L)(x z#R!cyILn5wYozSdL+>#mnd*jTlivP=hMjvpCJtM*D((YpN!&m4Bl9$8vQHN49w;QQ zd$iF%5U4`KoezFkFFto`dcbQj3dd@0jZBSw1UHkw7Ev4|Di!b0tl0|J#s-f;0gXWc zjzOlf8YbQ&YeAn^5&I9VP$Gd4HFBApil=?`9%wA71ra=nk(R!1$~<#}v3!Qr_6#{X zIQ{P&i?+t)L%R~8&D%e|WC@c%kkRo%<_mmGDSR^b95*}LeZF<`xegyNMs*!tf83&) z=~D)F3~yx>+-fLfRa*XG{UvPGX24}E!D7Ot^*W-QvxvTuMPWF})N}tp|7xs15IRGm zF1*U7e#;2Tj(d+_=RJ8C+>hpRkqwZmu536RB|=%VdgCM(MKrs%{lmoBF{;Xd)63Sf zA{Eju(B399wc>Czm5SRj9VcG>QwlGP9VqsD#9Ep*v+L4qD5<2XWjnZvPn>0@>#&YU zc0gQ|?=M|Ms@ z_ISa($-ZO7u!sY4?fCaj1UJ?uQu>LUwia7(73K8M6U6qWj@Wp`B!OFW_MA(yq^X1Wse38 zN0dr05BXl9f$#;o-{Cll^~@ojDF;`ux#ZKd;RBVlc( znWJU+DWw_u{1YUG28cu{C!&Ev?l;7?L5=__2dP-huuy3RNe2z%*gnex!o<2w)9Njh z(-ddl3X}eYbY5*adSAQ`Gjh?x&YP3>3w>>O>cw$Dp%D+i{`X+9bHTAw$Na~#{+ z!1p;3ci*wVt`CThCFGk+-IgAXy_`mivNd7^{hEONhBY?len&=xdLx07SKN<>)ml?? 
zstl!%Oz;gF5)K4DN}CslMT4$&2O=ZLYk*dOmHM9EMmoI*ngI)T^d8d zD3bg;e^L;z7Ec8nZUlgkCj4` z)rMEFH&Cqm?YyTnOtfn*+s8W}X~ugQ8y}-uE@C+lw=F`Z!G6v_nsmvCR8HQVQp9Tf zgmhf^ae_Y-AO{ZOcJCMpx(ZyBI-ebqXl5B;|Cys;`+7I^75Fkag+G6oo?gb`&nA@2w3}`ll|G+8WqBMCdRm7K>gGg14BT}abif1 zrJ$q#fdfK3f_GIw&;bx>AIXpew`<|5#7d&jd#ZH!NVDRE!@gp}k7?03Q4wTo4ly3rconkU^cGc*u zZ2^rICmu3l08JLfn_p88DGv~%O3~LZKP^v)7~U~ge}{D-a1p``*ifJKg*&_!Y?!H( zz^2W<5xY1Btq!-KyW6_^);Tq1jIuP^P=Ki9OuIfVMCPC=w9gU0z{GY}IKRNUVmam@ z+OSu9t&Xc|b*~^=hB3?y|9bzje}1MdPFrVoZO~fJ!3FI%E>021>@=|SiKmcR#}$J& zquIKH{Hj(0ek)e}{HqMpI`-iJb%Yjw|FmzwkC;GXO&w!}?AX}#v1)-e|0VaxwZMh; zX*@ziby!uJIXF$H1K`j?VBipLbOZy(SBFzDhE!d}WHN>J2)?wJ4}vFhDCq-mZs{8g zVBG8Ygk>12c?AJ6OXY(J-CPgAq883I1aNEFd!#~(GL_cf_)fde}!s*;^Q~tVpn$ zT$+8xbgVPSif;G4THthv3wo|K76Sg?z6EWGi0Y6Vc6X?_>60R;R#NV5T@^EO27ARz*Ku zReoJX4^zdjvQ+6fi4LUuo0?BJ1f`7&<{YKpnC~n%p!EmM-!Ta%zydur5`n4XPfY zKn&xJP!9NKIvJb*<0eq&lb;n&oF<0H9JEl#V61%}55g7(%pb79$ojMiIPoQ$TmWME zyXAwp((NHJVp)6X(K3NPHP~}6?dDtA(a6Yit28u#KKCz&7AoX4B7f?5)5!^*spW>Y zvUaEwP%u}f8cExefyzKrjhpD&QH)Ch z9BQlFEF&yxO*(^^h=l(SydH_U-i7v}}Le-$6nu zpDcmdeOz>>Xnre_b@kwc)kA|M{+=j9Jpy}L`sgKNu|V~exZ)JLswaiFr92UPy^A~` zomq2es_jVC=!uwVSR>L9rA<)Cf~e|q2Q3>F4k_Ui-2NwZt5DG^Oyy|Y5AG3 zVFL&f(qa9-ztbdqum%Ey*fs;y`!O1U<=EDc=LuAY3C2O;5h1QXZX_w()7x`laB);Jg{j4V&qsc(( zh4ncKI&LcoUi0HF<;88vY`8_U-SeN{a1xL!E=oIY1+EsWVzlLT)+o7PG*@Q{z$z!n z>jIaWF>%4b3uF7be{f`{}uRK1dKWAC?0faKG?F-_# z_JA3pTtm*u@i`AAK)CwH9fwy0CySv*tfFlY_q79I@Ck=%H$QxPe7mmyp${^Oz-iEZ z=a$6A%#=B#?Fu2u8vG8e5ORYd0#$6n1!5Eb zVLes78oL;adkmjglAhVZEQII~I&G>3qJxKngWg+NYmNs=v=($`6>_4QeJ;F7m1`~>#)$|v7S@TV**Fi`z1)eYho0pc zRmT-l_tg918$jFud<&U?-Q$&aZZIMc0%YmkuYw^14|LjQ_4>+VJJoxjbh2A>tFqTW z1ADF?!TO86u|$Q6z&cl%a2^}LDgNeK- z%xmqlhPg@$>BBCAIh`H*tE(~Cx(9RA{}mOpO*^*vXCA+Y7yP+VqiH$ovIASu@@Zo}P7OJPilS`?l!x5@HgMXZKwz5gj zx4MLYQ@517ZJ|L%%8?z=-&%QU{^xBSk{EQ^`~;=h0~#JTr(2FEMMrIn33yW zoA35i8Bwtl{TUh4d~q5>If^Gywtml)8Vm>%d$nh1w>*)R#ACZd;&~6_v<@?KExb^P$Pt2?`*~mo-SlA9-y{N-3 zH7N|XT0EOX*Ca=js)%1TQ#(eQ{ij?77reVBoBPl51}5{FUwaKwuk{g+YGXhSdr-!@ 
zm3bZJTU+-EC6on!SE8jrRT(jZWIm9^v+WUrrATQ#!AiW;U?NV|SiDq`R){m1F#GqS zSWF|tiK=rJ?o9dj_`jl{e?R_v9Nqtl7+?I^wY?7`%!bPQ_Z#csyNgmA`hA?fKJ>pH z8(}I^Do1n{FI_N2{*Cm!|99Ay0=VyYlxWv~z3lhROcaYDze6ecc#D)U7s{>vlfqg4 zf2X4On*rB<#uO=yPyWWsz4*?Q0kqp$bQXXOYiI#JV4RnsK)m%V$@l@nXutaTJH{kB z1OzRFZ9zi_K55Vdfr3K`s6>HKto#Qgtor>VBiQQZ52yFEt%y(V-8SB&#ZMLR zbFYAe&JQ|0`4gT$KJfy(cFE@hH@_UW!JK=Ko$;i*Oh67G?$PZaAoBKyskd#Q(2K3+ zBhadiLY-GXcOo@ib$B=J5juULSlqUG1M!=#r_Y$x*{_0?V?sysT-(xx{A;bw-~*Ob zECPZIm&dkolZ>TS4Vi%QREVFx8LGRB#Q0k*f_CBCnnU+a1HI5GQfckvQ3}@WPE%=d zZ}dC+`>Z&`J7KM0z#$upBgHV_;i-M0y+s23Bi0=t`qbMY!Ml(JgvPA;ZDH8i(>+fB z*desug@x7v!th&*H+Le2#nylVv+{8Itqb;i0B86P%crR@HL3%5++ zIeq3eoS!~hZ!9oI!)PF8(`YbGu!~!$sSp6z1;;Fjm0x;REqVP`HTtJlVBl7b#_|`= z1ux|*^?PhucnXBBJV)FyIcGp|ji7*uLd;yIcDMdV2r4Oh&e?>HEqQ8Vc;F(h1VpA# zF!H9*+%y=#HIuslLYEP8{C+NPgLZA%v}N^zj~rlrrqHsr2K{a=kHF)Npd6E(eGe8v z&w-DA)HUFbzn_B!u_`+n>}EXxetbiS0VQh|4W|tLT&7~5S$ApA1>l1xBdv|%4>JS; zdxv~k9<4ZPa477C!>e-$C=zdq_J;tpbw41C|HDw0zo$RuMgSKZ(Ip6eY^NubF?JvO z_GCf8!vV2FTx(<3W`M~ZXp?#53HrdR4fK5s%JBEKuuz7yI+>f6$HDG38FK`7&m#FP z_g#zA4(Y#dA_&JW+B6}wC=p&?tRd1|J{Y3#S$xskiOm2Ub@tINS~;#oz^Vrp10eO7 zd~{h*bfzr-9W*N;d#lHmye=}_M6v!ZQac+W7;DjwR-R5>wdZ%$J4P-%_9rHb)WDPT z{%fo5YNxiaGH)1dTA!QqxEas}T>%#=bsyTbYmlu}KQ1H-dLVc>uOIi%H;6TB&W1Bj zR0@kwe>RBLN`M#SAz7eJA%M()llT=rHt2urSRKz^ga-%LZLI} zTC<{u*^J-w?w>4G)Jss6T~O6UQTNWzk~oT?1!{jL;NuBFui*kYMeNq)-b?qcdPVkd zNJH~BhL4BylLRzeF!3q08 zt7+F#qQ-mbT}NPF6~Rqc*g=}DLt(JK=-J#{U})T{CmsLY1i@)A?De?5@*EP1TjXod zB8(!KJwr{&z|u&8s*A@NPJP6k0Q#1M3&~Hl^x5zbXu%huh5V29?kcE`plcT}5+Jy{ zyA#~q-7Q#fC&0!%Nbun9?z*uMEE|HmvvGHK=kT3huFlQ5r)sKex@Kx_duGjgpC-BP zj@vjlBeF*Q!~@$C4LUbvDgi=cG%eBo{jBMG!@F(6b1@mNK{U-~i*~LR%ulMr+&+D= zS-?+N0t4Y>)Rk2|^r=L4U49!31faS!F|pXzbbAGYvZE`fmRipbjk6;$QJ2$SlM!^! 
zUvCf$t3|&sqQ$Pk!IFMI>#4i-**ao_75FT(M(9rBQV0nexC@FpyW9WK(|)ID5P9xp zrgo^Cp-#6-bchOCA3{GB#Pe_eHsa}M#Pf-SsH7QY^J1?YAu5 zz!@u6zGyTz$`y3bt6Tp!Gl`mw>)Z!qcG>8f1zSZ)Ru+_D4>r_p`NDD`LbdVLU`66` zE1e<^id{H@3up;8RQU=`Z&6ZG(b+so18;q2-Wk>uRhQtmn??l5Vld8_ZFeFPod*5CV&oJ1H9Y0rGOmazzy4%MTnT(67`1`Z`AmcObo zS!hf>G&*Hy5W3qCIM}^j;WOI^{B)o#dQ?q6pZ6a$##>V3XFO)9DGCyb^Mw=^&G54H zF4UI|F{lJX!kk&xzvx6H+9}Geq5BY)`8J#-5(p~@W7VvT%KU`G zwnGjd%UOI?pExTiaW!$>hfsp&ZaBh0hnMijWNr@9VIa^xCF>ccAaJ&Fll2g}a?yzB z+ff|_iHVePD^Yy#RI&HEv2kS|k~nUCd^YMVzA=|8-ZjBtCxjHoJSm9i);E+q`6xme zC7@AUb>K#kBuoVzjyC!zp5fF9u9M}TlTg@@hqb8(fXDt^& zNP6O8Abp5u!tf&5%3yn@B5x$ z5r~8Z$h%LUV@Nttuj@9+pdg!s^BAH_WW*Ylnta-f?ksZ84*<0|cZZI7yRfdTlKLWJ zRW`Gu#7#h>b7oukyjb!e3AZ|(r=aT^l`W|7RNL2ubGY)dp=R^%Ra-~<+-)W{BUp)r zL@iuHn@hUO{e>`AYIH3)d&-75M_S(U4DnOcJ}Nkz38$sUG#0lEU1+25@~eZ*W;3nRHcrPIu3FCF6YmLx;fN^tq>((ZN>MTN7AyTcI(j=3h%DQ5Cd^ZeR zp_Sbs`-%>*SDGXhE#K@lCaH*yvlbBs6N{y=qc$?rA?x^_F=SUEcD|6OVVWTQRzjh$ zn)pY?-cVVx!r9fMuUiwa)r zOldpLH^4Uwb;_9z$}0;9qwtle&g?0EYt)!1Gll@1!~Y(Z)a-z@=a#b9!mJ3=%ATt* z8t;t`pNY&|;299oVFb>-O=y9C1QM)C7tUSb%W=vTgn4aA87{F1Qfx(iq21d;{S_cW zI==hfFE-r=Cmb`rXEl8^twQ@Nm5~zQ%>8x)c)YWFa@sP>-Mxx9OF!6|eLjA?zTDip zPpv!{^z{WlgTHK*uR7L>7>;FJlKqa&&?6+}6Y9!n8g#vVdw*=h#m>*f$_r5LmoIw_ z57*{Xw#zN{_Lc-(zjn0^!gHJ`xCx|d>$fz`BeitaoY5?R)T`B8ud9S^XTO@l3ehg5 zuhr8J!lwZu*Xq?r!+ool^IHzIRTxfB#Zt$UU9PWq=K`>Kv20 zLY#G*C9zguEvM@4ECs{@d})YbR!1unMtlWg9LIZE+hdnoE6wcbB@&J?6V&L($+MF) zG`fmphqcep9U1z4iXy52?$Sq^vU9zU(InG4w7V}Fx&SD6ShGl!rZ2~SRy=lkpEf`A z^+)utJZ_2k#E`tBV9|e(ehv=3?{99O?b@=pIiv_(YyOyuH8vN$+^+3mki;iO1vJ0< zalbmbd$V_te0%owa+@^Y)y(Z^&v+tz-7)vSJ(64M7n4Xjda9{l3+S?1v98{p#@<=I z=HQx2hB|kUdi>mP)@>$^81XdHna^xYl6H`~X9}`v;hjuowV^~yCQAro%6rw94MI+3 zpzcWXWFfYLnLVo2>~EU9^xzyy`}Gc#O2tnOtv{2s#L}I+OKhc{-0?T@tT}s>reNGc ze6nqrtJ~F;PV&^IV{YgL!={()4ow%54Z{%o(>G+suA`G@Lm4^?iK9#~7MU&ErA}zB zZ%we2fBU2<-x=*dSH5^1`}JQ(CBt7KQj@1W!WS*Z7wZB3w5FL5W41c1J?~9q28S zWddQ4wnxW38H@t^OY%IN)8v-bHs1bUF2ZH<4aenldX_EmS8jga*q61P&#$JS>KQ89 
zWrVL(`po0BG4Qj-u@n~LQjDrNs_s08EQZCkCC9BwK=pA3FOrs3&nUWG-?lb@7qAPl z$y#K$1#&8o&{QfAIfKdOVv5%VtBT44Gu<5)sJp@Qb(eRlSpJAD;s%?PlC4hPe| zwydo2ilnzlt^A-dV#71^cBVd6U_sAZ&RJ$XQn9;xd};%}Sb~MG9_$|#mMBQ$6H!mN z6vu_X`P z@Q&1JmIsfPwon{l-&QfAvNf@3p7$ZzXviZ9nQ|q|0HclMtF{K}&i!f}Gs37T7W_ti z8;{FyFuk0$UR4Z%TK0-~=E;z|uS%wx=a;D^*$JmU3LH8$GvnsU6+qgoJBaAH{pv>l zSLM<(d&un0-k24-`kryoZmJS*_LCcJ5=-hb%Fa+WUDTH^XD6hQ_kS$Zo;aebE4^`W z-rJJ?p)nbJr`F?Ub4#ZCQ(X*ZE*Wz}VaQVEW?(HNu+cwpI}nAVu_dB^S;h+RRi<%ac8uAe#-c~x5iUX{ora{Hi|iqTo>ZY zw&Jk&=a8&l@^=Y!DcxklDOqKz+HMlchR6 zg|UOM`Mt}I6NQ*A1T7l*6owg|p!o+aW6BtNOnh0=k!}0H9S%-s^O#LKwPj7EQgkxy zbU1eR@z?5zYKS=L86|mvBy<#OSic!v8V#JwB$yvuo557I2lLN;xK4vJoW6X-F-DX> zy`5l9j#TgcXs@ooH-od!Q+E@oE%S~L@;p2?l&v*dUzji_jTAxY8gd>h+F zzJjmnT7Kpmv7M{i{uQu9;C+*}N!%^=baMYR6q8F>vcCj6hRzU_#deDc@QH-+=0eP$$mpm?sl#$kf3Iv!!SIa85Js@~c} z6rfc+QZFBd0Zyxn|8H*a;JXO>m$oi2-|M_!un)ZzQfemW@fdTRC7{?N zDx`$LBTe&jrT?=p_mivNe-^~)s6>~SvIi4ilYo1(;Pd#;L*R(2=e=1{KP4wWNpTiv zKTf~8CxbBxTY9-$%XSyA9Jhs$?T;wPwnB*C(r7bCIl)kw){ec}0dl z%1B{oYP}*Fy8u82Qg&um)_YOe@t4eyC)nWmRw(%~&0^{@uHJ+y;wQy$bP1>Sh_?&V zH1-DD*Z&G?T1FS>5pEtY>+qqj!77o(4wTEKGX8f$Gn$A7Pw35cGIYv0x!?Tp;(Ddc zBY^8-Ec7&*5D2V%I6zMir;56a4k!Vms@LD3r?V5pTszr&(>&{=m@X*6%E7o)=cL37H*#}|tD zgX8q6aCIc|3K_5NpMoBA*7wnZ8Eaw4Q=CJ^;-LOvN-yjH{!+?2=ZtBf?@F zwC)7&Uv7tEp8i7Zc^j|PW`Q;RG&h?7OE#PiHY|rbA2(>7OdyipU@h8!Nd*)i>{`F+- zu9Xi?)k9BMl%Znt!_A*xQjNt+9W|4k*oma{hokR59VAmCHp z%E4;~UXleU-%I83mz95~B!W&F8Q<$!iwwa_HckQ#3cSCwn}^=#%)v|La#^4g&fnRv zEtq+v13bs>1QhEG=uUj7BQD{74ZyT-@+OYA^DE&zw5`NLO0xQDgTsT?yMKNbMZ+?B z_l)8XT!I$n>=`2*JS24Bf-8x)^o)leUCyT0rJys)m@IPNahwyRe9|%D9D{70E2|jV ztN#RvGT6b~_CG}r^wlcD`jeYY*zHD_^%&=6ytwiN;9U2F_s3#V*kVaF)K0EnJk^C? 
z9ku1?QEz??Z1!RGuKnIULfjK6t0U%v#lEdBV~wXTq}-)9Wb$NXgM%IiHQ1W&_CK}L z6xeJ1BVn(zQn7nd$^hp*BNk_$7XQMZzB?UY^vx)1UZX#HVDRB#r*>Xxh8==bqk2RF$Jdc~oR;b!{T~HVXYko{5Q#5b z4N~Zxu_tP0@Jgs(Lx$ryF%rWF?V?9*H|!c{T>#G)F8C}@^Zgu6=hE7l8bwQ0l20i3 zJmHHr6)wEhYh46;`KvSSf_WvMdz!~3SYN@?s0bbWOqL+Yn^7RU-Q=u6RceNuVxQcmpYk zQ3jl!rR`7BA;^4T9T{Frxgv+@AUO01A zE^)5I+dfM&WR6X71?AXQ3;$7kP_Hz#iiihCmV_2BYfAbHc4Upc{*HYMmyZ7}!km!k z6XUBU=}0jrucsV|eo0Ntll%J5T30~~NFST&IVXFQ{tle$i|DykwU(Qgj4gKB+X40Y z-eH%~!Hy>UR?y0>>3ic=T_W0!=Ol=)DtD814^@q=_0JZb^>Q!4N7={Mq^)w)I9e*bhI##F1} zp2jyrL;nGBc-z&o__rp|0$yb1sZdnZqcQHX6fd|1gV&&{v)D(uZZpGV;Wb_# z{Y*d~I?d(~TRvE|ZbT~Zq9;va&8YA3*WT1b+g0$b-$YF;SXyS+oSVb{*r?L5M9%4l zZBwI2c5%6NXJe2KyuDyMziOfLloui5${i2z;Sv7>HvE7MKVZWT*zf~3{D2KVV8ajC z@B=pdfDJ!j!w=Z-12+7C4L@MR57_VnHvE7MKVZWT*zf~3{D2KVV8ajC@B=pdfDJ!j z!~b8{@GamrrkT%y1U&wXK>Xn3k&S1~(vdo{42ST2xDgU%+TA-_xnLpazPuiPP&p$Y zpfK5dSlT#!qH$cPj6=zEcuKx)5%e=F1rg2y--}Uwfk1?_t|-Xv;wun?G!e1YH*o zkl7&NItE;tP^;oDWSD||Fr-k@Oxc^K6`YBT|1kb6WH8Nf-|p40NY!tqi*s8)oXQ@T zh8{1t9eEjto6r1)OhekYlvPvm*n`^e>dT4GbN`R<#UpdR#b6~ zf!GL{W~*Lc-589N9l+};a&h}O;nIIqsgt``a{|ZVu^uD*N8%`Ub)+Pik;@~sX76T= z^Fdj;;3iBdWjH1+q`;nv1AVAq;V@)9#615Rp7|-QHv#_ZXS2e_ocMb;;|#IzVz z6Y0uhN?65+#6Y<9%+PI&P;K7jw!wvi?Dn-(ez>!NlCeJfj9?c7A89J1geJ^!v;0-a z;j^?SADDo)Fjabwzv^Qbw{qqy)$;?lo*c$G*WA4G%O0UctCct9j-c@tn;E?!R zoL3H}WT#6^TBIsgds0pg?fjaf$K!<*TkjeCTUYv_t#$|6nyHhu?(U-em;qqWFZFnKk z3{;?AsHM7;<7)3|M>IabpI@#9$9bLQcG`j{h6etc891ivhI9oAmyz##-i8X%5a@~L6SU`!Uz4v zZs*@*OcsXWo~9HuTt7S@fJ$Y*LeZ8f!_B6$!$@d2s@|~ z@dyJd2Xrd2D7-SiA&BqNdV~mb23@0DBcS}q%VV>pVw<9(2*7HeAUyVv_pq|J{c5Uh zDJR)nXcrK@?Lm-LhJ{5J9gwIKJ-iXg>KRrU>?DWVCi-oWH;ySZ!Qyj;E~MX6<*~f8 z?R9a-kopMqrBG|DQi5agf*y^?Z^~;}hA(o9!cq<_+4ti?-(vOxb8mrh?cdn8(qFlrqi9YY8!}^Zt3EmJy){JFor1ewZ^s+Dpd{_cNWZTht@2inlH%x$rjqCYRrhO+clJ@aRn+Z4k};5?5s;wq4HFA0n$N>0 zlrC_v6+%)D`8JnpP#Ez^jgvHFW!2rI5x+N$G#_Cgj}Wk<=V1syUo&{$oi8KiYBmfA zc(~T&0VKvrw+e5Ut^OX<|fTt|P*$BP7^56DKDP<`C(+pq!n@i`f- z4564f)!hW-Jj+0#a4bTHSp(II=NprUs<<$Xp=Q%<7a9fUwyBfF!E*rw?k_5XCLnmm 
z241)U6~RB3{O|4|y(GqwWVPBjK_K=zpWb>3eNSVqj$tdEblfr#V*Fi6{mC_Acz9YQ zNdJCYkVs3)p-72~YtU}u#AkWS2uM;_H8mF z6u~B3vCb=yb0z$jh-jIz>l)Ouzdz8as^tU*6upO0tb1lb`PfQ}V`dy2_vf&Mi=ke} z$_n2F4;xD5ensBaUK}G+=6PDFTSv7lDFzitgW2o$$eIuam1hx?tjlpzX2gmq)qyco zGe0{`Ch$CJ2Wa#(I9!Y!p|{H$Z%Z|PAxn&Cb*LX$;{bhm|LO*uWNB@afC(lu0N)>8` zS|!^^ajYE!X8oa&Il8?JRcRHf-~oD@HB5Z&o1t(p?eB=#2&a$YkL%i z&ta$I+i%{KaX*sPA^*3;DGI}&9%GYy$t0e%Y*@B%mtyX|W8T#Ytr;6AF%ULE$rdW; zDXr*+{;3eP=z2oYq@arYPw9%*SIlB?b?J&*BORU4=9E})`ciINv5aZpZY(!9t}4B= zi&xTNbs+5#vj2?fab)b`_|n4~Vdm%#1MNN+3S~Hr_}8q^cz${{H(^G;nLs?}LWPVL zSQ|$eOzbQHr3tRHO@dE&p8GR6YfZ7=ES%Be?XU+@c$oAxLLDas+I81ihv?G9bJ`I( z_4*jRfBl4X#zoYvV93M3J~D^pHW9YjSI{p>+C_Rhm3p!}0-v=G{LBmuOn|V##KYDq2Ci1`a?l>G@jY|EJ+rca1K`|JtZWZMl&rg@-<8n4pUw(WDO< fv~Puas~fZPpX2hf3jzY-?MDc zVQyr3R8em|NM&qo0PKDJa^p7gVE$b`MgQcaCX+L1$)8!(X6rm2?`A3<+h==nNzJ7u z5D7_GlLQ9wq?&o_+!Q*zPcOeMx)UUq%pa{ zjHA%?8Ra|)QH-~a#)t`Tf}-$?he+LSx4XZ)tN!nHyVd`B%wH_0trH6-gf|eBv434o{xkGu}A2ZkC`At zf`dLJh=~}p#$o}Hb7$hlD8hYsmkekc2kVD2-L2=(>FEGXdXcR!uK1i~{|U%cQzheP5M6atO~W(gx4 zyCa4I33EWWU}TWWwt)_r&pu>fueCj$}^G1+tg zP#i#nNGuSEaR7r!)=CDa7-PVQ6U+tNqKRsDK*bnH9FQ9lq$reFL}^UK1R@*_Fyp4- zf-qddH%Lhs$OZ|6gwY`N6?uFb3r0gw*m4hEIAbcubu2`}`&(P70f~LD2i_-d+!F`@6xx?#|$^ zJ3E8FZUxlmTM-Tj+6w82dPzKTuJPoSvViv;7ko))#|07(8RCMazDOB%T;Q195Fc~L z1(YNq@fFKBE(A!R0phZZkNmOxe~|juSY)l}8jcGzk+ms`92Z8u{DOYdjiX!DZb$}b zfHElf$Ix+s1u~28WTma{5Kj<8!9X^5tv+1KviO=i`S3G^6^;-I`w|@bpDoe@l$rHS z?0e1(2E3`VTes^xwfI`6d!|Nyx`0TS48NQ6dMY7q=4loLVO zqz~4#@@*YJppjh1r6_R#k~9p@X-ND@AKna4sW@kt<5)OOOapw0L+lI6`tbWFN6-*6 zqp`@}XgDNtrBXkf5TgLIV_9CwD#23hAU4uvorKXF5@05wOpt$#Mws{E{V$H=(|AZm zscyNRt#CU}!|)RO3=5?!xe!qQ8nbaaa2z&3{#z8Ik#1a*%k&SxuSs$^8ZkUV0tZK7 z$^~W@G?dMoA~v-FBGr^6cSe?1h!fudXv7d8#}S}LGJq=40Lo-b7@>@a$x(5?SA-)q>U+KIw?rZJF~xj#+3mgkx5RNc_EQCd zT=nlnxkr}9hx{GKtPlHpdpq0Nr++e-Wp04KlU6Nz~r_7rl-jb9U zs-baJv7&;O8+W6Rp=>%|ILk|Cw&#(>bXB!xcDYRYzuNHXHyV#gXoDqM$T zq%#9NNJnp}R0p!`Y;}Q|uCi)821F@XYF6L!w}@S1k%Y*{Q^pa1ph&6}hZm=PKrHT~Tiz!q>i7S4 
zcyx63?)2)zo7aEuGaBNpzg?W29Dg`He0%)&^*-*;ni}_i0!K-R1m;_(XIICUp12eD z>7!-;*V{YTt?d5}y8GMf{og9ms|h5G`WOc!9&N&erhpg*ys?Nv$N9hi>;J&j7{%AB_aS9K zVlI%9e2uo-|8Rc)-32lP%HV7K5j-v3^Dga`+bb4r=-d!|+j+TI9l6kVUc#qO&j0)0 z|MP#q&ol)e#SqimOpB0UGw}7Eu4c9U563yaQ>u|Nsv@bQ{QkRyeqksi5MM%?XaixU zplH<(34#1E{Hl`F2$cu&HG=p%l{8!9444? zPbABm0$b#N_h5IwD*q4mcGmKL73ufix4wZJ67|)Va!5ifCJFv7l4SA6xDVfKefs1$ zvY2y3qlm^3q5%%MqcY@V4)Bn~7&`iU2i#AeoG}g~kB_(fF=C=GIfKN0mQe_i z%?rhMZY)+OrWr3|7BU1+pGY6(XMQpdC5d;P4ls+cz+5gg`3Z&O#9Ea<;A2V!F7seR zD|!PRxPwW*#L}1g45(6HlO{8_O(jkhJGZfGy*ak2BEJ|~)QhWiGWK!5CVDDBP9Ogk z{rd%YG|`Ya8xs$4Pg#TW<5Hcn(& zGMs4ZxY?GaG5MI{aH6)ZL_k0>2Qfwh1`|j*iASo%cW+(;9fD*@SD$!5uHSp=$PXn% zouwG~U41rWTlviQydE#*tBpZk*Xl?&bA#ES$R1(QQE(mUZAgfj%hFi+|1kV9B@A=8 zMZzB|yh6f-Wu>-Ubco%g+Eb^Frej~lA&V5C}Cbz$=0fyochA-u?-fhB{`XB-N-_6miTd+}9uLN5K z*z#|m7S7!n)>(r!X9Ww5K6I=D4!fj=)GIt7;M1r6?6Lxl;M1p$)raz0uzpLRq-+(H zZ`O%PC1=_SSZg5nElG%*vaq3<$|;U^32JJ}&o@?;ED>^ZHpH!*B^hmw{?ILVqoR#U zpQQ=V1c*IC+QG!jeM{_T+BrQBHw+XL6Fu%C&}Tz2yv(dD6_D zgN4scxtYpV)b3KypHUPxH=0+ogmrIww)y+uXk{;KL1-u zT5$jOEDV3P5enXSI=@s5Q1HHkZ*VNQ$p_8hR1^HK^j8B`;32=x7 zR#oQcz$^{b9&WSNl!5DhZH=&K0`-^a=EU?aaeb8iupKbnBprmrcYVyvdR8qU!tDFq z=wq1wTx!89+QzXUB2;klopl$3mN`QYPJ7u@7B(LcGmmouXBhfj-Lvjb5n@;(d)e~s+ zQZLYVqmSV{^<=qPWn~PVr?x6suKv_xxlC%|f9vD&p}?*C|C;|_Z+m;q|0_wx{v@Y* z$rknLljEoeD#)BsOhA>%)OoM%`xf&e*4MnG#Zsn}`I477Ebi57C|$&HNyvUk2e@1a zB}iR?NHF(gZc+HDDg3`0yJYB)4x z5=^740^*QzeGh65tyWVSU^cO-Sw9IQu^2+-BsKrlx=m?hL zj`3iD_rEx<>pH6-ecxQ$HwCiiIWnrJ5@ESd6G=upQf_JbJCz_d6T(*V8gxN>5II)h znhV;0$k7fiLH4I|%hA_?Di@-9`zRs!PT*KsPl|)-N{@cZ1&y+gYDv=f>y&}$eAAf^ zgTi~&sy)I&{T~vp|G3SepM~9=9opwZ^MG9@OldH6=hvg!*Gi|d-S&=(UQE9UuQyf1 zx3m#$&WTXax0!w}_>{7M#1)T)>cq&*Z5nvRFZYG;whHT0FGTC~Bxx!AZ$T%pw*B8h zE&hLZXMO&=n)K-LpU+(le5^RqMn|%#Ze(qQo5O2tISD>L|1TT;*~yL(mp@Am%g zn*Udl9wPqpxwCjZj?{7m$v*1VT7yelQECO4XU`|-%Y@ajxCKxBorQTKQ!8$K=C9ZmE+d=w)<_jGo=Xk8A^)1*OaiYYDn!I^qpf$ z*rBx*($ro$C>m~f1i>1Zdd0GnP$PP+alJL{`v@Kw>U4Z42_J zPi}?G^T#bVyvtDwS}Yov8s{3v)Aep 
z`^)pgqvO)lR!>R%gVCrw;{k>Qhk;T08*ftCvq%f()|Y1Q%~Glf@$ zMD~+VMWM<=QNLGtv{b9%29x%Ft#_x2GUdmpYQ5TZmg+Qn+R9RUi^r~N-Q}fQ`g-b} z+T*18_y25weAhfKTFXRl;!vEX*J5~R$y`9~)|Hn$wT>QTZ-goW! z^*nj~soV#e+ArO%+j8_i<;;J<)A-t ztTUx*&xLf=!<+qee@7004Y(R(xOjDVls^?2p$Uu_iiLXjiSzt|?3fA|qZ@PeHP+9B zHq6lFakDTQkT`g#rp*cU+^#dv$rEFxcjVlE{cm>$Xj%Vz-Cnn{{_pRv-+x<8dgS$g zVJCslK@E6xkAX4~=5`;bkZvBIfqU#6*6H6NEh+yOat3LU|9kt}wf$dje|IhaSCJN$ z|MzziSyseX>pc(m5sP3C=t@$@b?sO3XnrM4#C|qTCd>JlG+@;1Sn^mW^%4Nvcg6N} zc;I98vKz(1XX|n&Y&dx8(eu5Iw%a>codZQ>Sn3WGQ`Q1Km8A5j4~q+~nQGrn5sb5H zH#ibZcjT}eUDm0?_DQn$vEMaGhxRjxN14)(JDWdqSCM&8oZ>68pu2`W-5$(!!v=r# zz8f=md^sP1sVyvZbZ@t|jPJm-`u7HAF`t6Qnr$#V$=%pX?*Fnkl5K15)Sck${oi(X zzjpuQL2rBQ|G$#7g7g2yZGb3@CsO>?4Oiz<*<-BG6)KiWsEzH z=QO>>W530t%l+aM&+v?}*i?u4oBE{wmzjM>DHrC%KX+DGwtPHH<;+sTC70M8BHXam(%&A3VlKonIWQJ)NT8Io%5(*%(T}@1q z>O@({Ma+OwfowsSFLgh!I>Ed;5 zRGS>jY6CjWt!(zpe44eRL9<;*C4A;9hlF+IOGeh|qH9IAQaBsStQGSL{n_l2!;U7v zF^1bQ@yFIO0r*bgJxGPpkz{!(7^C+7o7b8-X}OkbPbDE5_F@ZdVxGB#kg(!aONgw~ z*RbC^b zW0W74yB0kAmor}n5)5!iZ=q!AKnz1Z`PAMvyE9q|qd*5A=*^(ke*zfDt*|U+jYla) zL6L_DARJg4$C5@QE<6to!w@1GVDAYSGUiL!Sh8v*rfjG*KpeYt*j)Y@GjTrPdXu$c zX0G*aY0z!@bB*^NPobWRNYia6QtAvs{1~>AMXe=mn5@WNGSf8jGz)gjm)S>~S_?>r z&uQmf%$6tFgV(!%HsayQ=I9bTIa6zaIr=&6{fbGls$F2+8>sTHo9PQ?PCK zf9!Uv??3K$d+Ya~SCSTv|Cs-g*ykU~w~l^Wfd7|${dtb}9}lYUKkn>x*YUqANe}S; z^K-xcw<6+lSAG4;t#Zt$e(O7yPdAAJe76Z-YK6^q>uzew_Tn}*s;l{aLdoTbxIRu+DmQP^9o%3%4+@jH7z_2 z?IxODmR1@`;$5c$%wjCC+6*aEYK&viH?3PNr+d#M6T%iSvdGPoS>TilEeF<95B{S3 zzvL5eE&RW|Q@j6bXLoxY|GkoA7Dvk9Yy2@^*vzndK8*#V;knw#7jbXUkvrec%f;&8 zfQZh^$GuO?mQ4*BNyC%WhP`WVQ5%DRIcBNs>nn#V#W`ywSKYNCOGu&Mn%B#8k=*7p z!s5}bK2@@~B$Demjgg?$z1bttDCL;(D((dscpBw03FL<~4N7pU8kL?U#c(XlJHm!! 
z)4)+td4-H4K^u5;pgB^xjmW4^8<4%oS3rsbb*hCwri9@DhLnMi!jRjCh!Z$Gf8)U= zjWGO>uP~-bKO{I7971x9K~6PagphI!L>&mIb8QSX6@c%MFT#oOD8O-$P$Fvzs=74o zNeD*d2FHNdD2=pz3-pEgP2hL3Ohd}P5)YZ;y|9ePG<&N-_1&oi>`fV`fA=eUA2cny z{%1!lStQ^reV}Fi@5#K1{cmq)9sjqI^d#&5s^bY8PBs=<6lmG84|L55Uw#)ze{a@?*pI4JUv;E(k z0_6d>fsZ6nY7j2>NMr+|^IZG55~==Jo6Z%DNEzI+#Gf)i^A6EMcXK}O0k=_cG_?WjXj2J|*AS5@&*%B@?B%N^fh$BFWpBRJv-HqcKQxBGy?WF8;i6$q1iM6a$$zEmOn zOytXwVYrVWTFi%MBTW=MD>v)RofgyowX}0pDOb>I9J|`bY344V&Hrb2xBCA7{`SuL z{C_2>;vCnwuBm~Z;Rh@yK=VS?-mI=&`17?G1sc{Kebf0_f?*DhT*Y@Alq$jukF8iLu!qG7dA_04 zL!--}-P1nI@!CT5(SpUg$Zr+4A0}ve9H8AiS-T3k$&b;uN7XkMro6f^rIRU_@@E9JvdrD~|6sKAR=-R`g2TX^|1{*B zt5;?+!Rl4UYt}OjHbXZ*)=+y7VY*bQy@(){oKk+msGvR#`*3x1Zsjz-_|W()f(AG* zUwaE-1Fp_qpM4#rH)!~>53dQ=?>k7@PZ?q)oB$`Wj|)qBcE?GG1y+^@V|q{0cw?putoz(CSf{K4w{zYeFA(x4WfGp6|H}AhjAOLSE}`J~ZwH#8Q@mBGE*O zClode9}zgJO`U5jDcvv*nn`rdpTq#L(EfkXz#o%Z_WwKkJH2ZBUw3;Q|GSd(Wd6S! z@LzF$;flEgI=_3RX;!*g2QA*<&Q3$}V;5%wZk1obyPwXbDx%F*x(8#uhZ}8o*eaRs zfy6_~B7GXS=xN zi<~tml_ReE9G6cM4cg-jGFwrV{hOKJ*#J)Uy=hrRWd%@o4#K%P)H~9$h3feMK8j_> z#pQ(h-ZHh}T8Vtn+RCEcSeaa_2i=DabY6vX5plh2`^tMtUHo~H22W+wcYJ|r^B>Wlr ze=m6jRIC3-uNwck+dWwC|5lQo9skdH>D0rCfj^0%XG&U#|3%2>@%O5xR{rnS?tkg+ zuK9l@={fQL6hE>i6ZMk3Uh)7#^e@VB` zJhh$w>~yR8e{XkpegE@H(nGjnS^{A{Ra`UJoE!4RTrcZQKeXp%y@%x-FY8o;XW)1F z;GUORb4nQI$MSWjOPSy1b7_^Sx?Ilk?6RsgJ9ahtTs3%HsfMOIT;*;A)4asAUB~t~ zsCbEeJD-xZ9tkko(&ZTa*XJnE z8u=e3iOVnwBJ4%M{rhM;|LN}USNZ>7e|`V|O40_r)9w|`7khpE?x*vYj?-QS2#5Ek z*bDy4*J|tB-^v__JVIXr9S(_4PzX2{m?eyG?2Z@;Fa(4PMh2;p40H(Zi{^`_N;h}C z^x%zn!PRAB6BVsAyidXKR_3$o`Ivjws_ z!XRNZNc98OrMPbHInIWZls3L4bRFksnyP?_EDTePhbj*fnzH6eqXNrgAJ^LRoPW?T zr25f&E^xwOfYon0N3-T;JXu&5vYVD@a2jIIae5xS(V^`{k&`!$^B0NCEeXRs{v<-z z7wdlg9#T_Ml99wI_TbG>eNYXm+itCBGoUeyHFBnvYU`W2H5BW} zIGOw2fG&r_hT}E$)nh%X<>}LKE1*8#@JY02`~iHd zi#ppLoY0X9zNyUw-B_A{>JmaaA~Cpb!l+zazhfx&$C!cZ8dK7DU%oqkb@uM`^@qcw zqqBFXSEi4@oUu*We5gB0xx^I3d3Wy*&)?`U-5FS#KDIa(a^i9mxc##K0C0k<1E9bA z^6>o4hpV$6j!zBfJ02XVs3AabiNm4$J>}~9V#8I+Ev^QE;W<5rkr2oq!Ar&kwe 
zCm+sF4o{EOfl(bs)9bF6MKY-gqAz2h10zCApj5)}jZ$JHR{`Si>-1pjUm=YH%;4A3 z2>%LPzjFW7tJXR_RBF`!KBkzfTQ8SB@+qa+`d@G7V80Uo-P_;UTibtElJcSMI~$eN zvJ@iixNw6QkqS`mk=r0QGQ&_yne45*zP#S>ON!nEQ+ z&?+ZiJE;;zC?jHW6e7+~v&+p4rJ6I#ggQ56z?X%TS-(2;ixEg}+~d(bM!({?W+T*; zRhi6p3FWhg*EEtpb~26MwQ(VSc7&3NXzAvv@}!)%h>XZffg)x4I>IdYlUm&Hx#&vj*~&7WDzj6J^7 zmzgp|cp+rw(OaDr_s7i9HA@ydLYEIqVSX}Xgf{4VM_7|y{ zYBQwuQ9ad>Lt>tTp1MRTFq@Y~E6at>VHhs38qPhY{F)?(`P)(U`%lwGx1~mT4xc4L zy{1ivM(I%Ysphw;9&iq4E6=$;keeZ|vbQR{?Cj35l!SU#3A+=*6=vDhIQjXXZKPCI z_5x53bfgu$I1Y#a#Np?|wD~|aq=5JArTQJrFeRYGE-lY z-!OzSQ;lAd5m;4(H$#YUK+*^ZhqpMQOx+0;Lxk=~ltz$pS^AcyVE_YdhK)$9vgi=R zm~idgug^8~S2>{~-InT@gE@cEAvBrcw!E#LqI?&^ckeCflmv=R%&ElF*iEIJm0cm5 zpiE+JsMA0?L#+s-n48c5eZ(@r>g?TIuoWdkp4}O2?%zr|9;TscGr%`Eq={VWrVwBu zY?B**Dymst8BcZbDAiXVpJT=e7dRF_Ds+xQL?UxpnKDu#eN0y&gqEmktuS*zk-HH6nP!>!Q{Vis$b75R%&>Vyso;X4B$>H099YF>;MP`b9u#ee7Q(Ppv10#k zJpZ}TVQ>=^g`S9(yY#_IE&e}y-QC^l`On_|`u(4kq!>l`>;^MN0^Em=ZyCBA`#~J1 zZiZF&8y03x$I(%}`XwC`z}vU>kd_0FoV{q&hp)amx;VSM)F<3mhyVQQD+eI4qIlm7 zPpLR(nB!PDPD}%wUFpz=-#J0S^irt0_M z{V$GFV)uG>Q|Pq|0rjsj8>a)uu{M@{#h8+Gx!|9^)wFDO_ESVv%R^s_C@Ecg~OsqutX!W`~3M z?6TW?`)`TkaO|fF1R4u`C(1ptG(P0-IA(p=-`m^S&OVuIIkRsl4C(DTBR3?(BYez# zq@S@UVGS^dI4^PjozCXV3emMSFf8KUB z;Ntl5-N}{8&jOfr?GM*@V&1V(h5OLaZFNe8O`{)vIR3e*^mfO|z?9%wlU%XkJt-q) zP;QL;HzJcg$2FZcHjL`2qxT&rySi83*8A?_qz|3UO$;TrW1D1U>%}R#0P0`$GPxIk zp5ldhw-4sAW%KIfWy9+l)85W7&s0jeAys(UbiRm|m(k2OH4n@;>!(z~^ObYP+F82u zSqXiMDQj#AM&s?9O@vWY?LB~AW8`wE^!7PGufNS=a5((u@#)oaNGt%RoF^rvKASGK zZaxnhcZq9Pu`zjdc6N1nb#Zupethxh2n~qRzSK0oLIql_g4 
diff --git a/assets/universal-crossplane/universal-crossplane-1.2.300200.tgz b/assets/universal-crossplane/universal-crossplane-1.2.300200.tgz deleted file mode 100644 index 0f126e5b5e40f6be594ef11de859898156c13452..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11573 zcmai)RZtyK_vImYa0{-%o#4UULU1Pm0)(I!hhUfB68z%9T`v;c-QC?GxI5hb^L;fn zQ#JE2UH#Ax{m{MZoW0Ik`$rXlN&xqt3t)z0HC52yGE-3D|MXLc?;DQ}m$@dNm4T)Z zzp9Q7zlyG{wW+=NPc3zjsDg#99o(_ci_;4K#(S{xD_AMZef^B;_@o$kdhxvh(mTgGGm*Ul zB*9?!${O)|O>kv+ zQLE(t)kUXJoB0RO(1nH(*YsJ#$2wc?^)YoxdnEn-L5gzDk@m#_GG5U)PJ+d~wcx$R z%S-`@q2k&O?2~Sw6l7Ao%tQe7FQ44G|ABMPjFl-W9N&|KH*R~nI2OXm=zKgTLHS6D zpP7Z@z{aIayt$ChMWB$3(1r9qSE~-w#g=ck(}t#2pv{K-p_BmA=D4>6alK+#83V`_&B_U+v*C_aD5Q?ZYCF`FfPPURe6Fc zxC%7J_jq{RUYl@Pf_|v6denH^aB?+e2^gQbd;M@3lhGR_d1jA8!1>+3ZU zaIcGWC6iJLAMWIj!+4{^tjZs>W4MOLfUk?qcQ{)z^|<%MBlhfmEvp82r8A_uge zo?%Z!wG*|hEK|I=y1QS`pZGm`3wOawF4Lr|afUID5oWBay*tm|_UAk}ZjjjGmNu%K zA!6>1LMN}W*)ltA@Qb6PYx_ph9|VWSD`hly5i6bmL~8(VBgzP0g0|nN?93C$Mxo;y zi%GU0_Dx1w3(&pil_DW{Hv8Am@#Z1??0aqbDUK?Rbf*Hpdp@PnVAFlLua7g z*?LC@*|E6urG6(twV)Ioxf0U>xK0i+Yor@$w(h)lzU!KR{^YY?mA_QLW5&jc}8_t#<_T-BJ`s<;7#cVnmN)C z<9U1_>k`70##3FRhsRrRR0w3yGr+}Qgy2gq+M>?=y|g2f$O@a;*7z<6r$`!X$x8>b zMTPc*iUrM*xAg=+e?sv7C4G!O6nwtSC_jP2V^%e={zHU8L$jFbbEvxCVpSP5FwTV8 z4JYki)90>#d}v(pY77JIQurew=P=9u3o8+Zc&&OPaJhr9a`*Y0Ck%88wniK^;BAf7 zM<;TADHs_+ZkWAM{O~n)2UNjHFojD*@(qf-=@8QQeO}0D8Vi3dJnbxm&Rs4Mgv;25 zFcC^45%pdo(i~1Z2Oct*$R$OBTa%092-87(%1DJ@lGzNppp8XWl;K5#d#0o4%36<} zfuhP=&)lI1gF>Ya&B7m^n}nZGK%v_X$AxbZi*G=(jq-_oA3wx}piPtC%Mx!@0} z481%A!Pk4gV{P!Z(8Tt{-rjh05eFG*k{}g23JMo$JqH9Pk2iG0X6KmoJu6r{Etc~V zPAN>j@ryUU2uWVM8liD|nVr395+sy1<0aq;cv@xczrhJL(J)g}e=dyAM@^5gZe zPq*arE=x=P-C=n{*h5;5hT|w!bHcgE zA#1Puf3@-!P-#iGP}h5-ASB+FujSCG7H5*E8XtS(fJn3IZ4-pk z+(nBP8*SK!>zAdFN*J;a3h~nukrD7#P~#^82%p4BYIx`#c>oKCHe;~cH2f80l1c(NRnF2U34y*SfpBjGV7Jm)v56?HaG zR8h{}rJvr{7Ki6WUM_?19`mzfB)s9Ras*I$5Mzss%>oH>1*33rsIF{Q66|`=(VTBTR1P=alYDDTyikW3p4q>H 
zeNhK-AEyGr-y&kGw}qi$**h3`Po|_M|BB^B&v`is#v2!_K5~zGkkrI*dpycKa*1EX zpQ*)pyf)$*V)T*xoWW>XI>tG%2MVzQt&I=Z{C{(ZCVmO0Vk)!wWRLr?tlLbPFWZ&( z6o1?2cPl6A=hxoBmyYms&1W>D!nVmNd}ID}?|$Cidatif>~aBgcG{-^?ryhOw*t@Y zQPo@kk>+9senm!RMT&jv$V|-<0d&{a#W`cL42}b$v%vmscR3gtodeA-MSUONs$+_{ z|C`=vX+)&3DXa61H!<1nGE3#!(LHB3(AQ(Z+oPP0=~fQ7A#20dS49`ffH@6YC@H^G zTZjgC{_p3KD1??$Xze!&L0vkmV3TwsA>4ON5>gZhJK?NpA0xj>sr=*`$*-@3_;c1c zrbLR|Q+&fi5qww4*luYRI@_PX-bTDFaT1BIpY+?((|v_)cq-ZZlcS)fvMw!kR&qcx zEqpFX-k%=)*{$Yzs9%(1bzZ5e2zC9LsOwG$Ue1^X#&d-jS+)Da$kns(S5N3WkEyVavv`nDjTIS7;>#~~Bu-U%pv!mf zKAVh(wM%-vuvlovApDIQ>fj?D$FivB!i8}#P>#QwZ`A$q9t>@-F|GyN9@AbjYYEZ- z^|*8YS>xT@7d^Hy{9|mJ4E4p2O7*0Q%bPui1yhqPgsH2WzmNr`hj{Hb*_HJUEqgQC z#yrHORbRfu(SefiX^~?b+kVU>_k4+pUdy|2@ZTBM_gUt?f$ z%6Hg5P5v;C(7VR+?euCIb>TxiM?HC$1u6)0qys+6cv}T*wm%A- z!gIg)@9|ksA-mSkJF;jU$qIEg;D!$pUj^Sf)8w!!4Q2)P{WHPt_tlK|ZKEw~DG^>{ zyG}uEl*}{)=@77?Ux(N?kP+HxJ+i6XGe{hh6jNBYtRxj+$&b6vF0aw961U0Oe&cc0 zjCLBD7mokLE?&WBbi_`Cld?bIox$q;duUWEam_8s9~PKX**N*kqb!8!wns%|JJhbP z-v=}H+@6P2ysWpb9zKH4FHOt+0tE27!X=m?ExzC*~$x8tpq>RsXZ~chE0@>oiV`muyslcs!a3~h;xIM#-VKe zfYN-OF9h+ix6h)Xv9lz@va>5Tflp7_;|Sd~nfVDdO=}WoCAQ zMo0!nEUq-#y)5>ZM@scnuTtOXLQ-g$AaBk@_jt85DZM{uMp4dC2r$dEP8EIGLOH z^)q22>1ojE=DT4@-BTbcn^9r8&1TXyDfBDdHQ6}^${%v6c4yPXn~<6j;)FnsL>h$t zE`74{TkK)5e4+c@^9`f5-QkYYNyV)D>)dfWE2H*~*}s=U%4@Of#I9}Je(>uD@jXK0 z0r#f>$(v_ryFLId6ft@>K8mGMiu0y%WdGX4DJ!>I*-bA zrQ_?Wkg5xXK9m&VnKr88E6NFLI9WUjCs51bcj;Z`xJY{82gpsTm~KybWS9m?EP!vhYKqJ4*uBCA7`=ntNiET}z=Z{Brho$uAQWiZ`+*9{6U z5w~~xw{Kc+5_0=6L2HtPrb+r~^qtc(OPWH)(1DiV+O8lI zT`ZrC+OgLx`y+St2|s4bR#LN+hi1@C72#xoh?4#w%y0^=%;x2;IuS4hxjVy}GcGqS z+ErIEyo&_4TYdl1w z7Mzde^@X~om{uKo1Rpu{0FJ5SH6Hn3A$x`Zg}?2Tp@R(VBCf!nm~q(e77 z@m$A@IGZpUU(P(q{Fm;}9FI|?@4Z!Uphz0>3l$W_!i;LV99+a4qA?O|1cWK8gl_d+A$C z{*gr}H-)j6*RS z;ovmf1oE(o-g?^@jYIw>b@@`(?tQB9N;ZcRY~zSv$GlrSV08`a>|NZPbhNTAEtP?F z{?N*}fHU*&?jU}_1dTzEN3_ab8#49L^UnSG?8QUKcKmkk@O&ZYXf-LG19E21f<|F; z`*m{>{a(t)etc^$!mMPfLV?XO$nv%kQaGN^vU!NCpl|H1H*K}MAbdrLIgQ$`zU;lr 
z9k#=x(qZRAle3zJJcepL?+Z2ji>Tl=+oV))Z+97Yq|p>8Lt1aNq4%8SDfkwbc@)K1 ztcdkVNM&zviVbEPk%O6lKq)AYZC92fP=n_JxEjiXyNyppT$A2TCk&Qgc- zjaQI{Q02bJK^Gkrr^S-B2kZYMC#;B53b=T5o)_s-I!p8dZiNb*^ zrZ{N1Gg9mGJ#+w277B1V2gW+>X8{|qyZbg!l~|1fKm+c+c=?K|dPxF>Foz^mHR`{)l%`kob)ka&5~Oq1zpjWMPqmO z9k>PmVdmf~5O(xssnmPk05s_;wL4$O3`T|MVn604{^IefHikOW;EJfUpvlmlP9HwI z&qYLT=|7b+hqt*1Hemw0qpLj6Snpr#baX!UPY$5Boyj<$GalW=D(WD zsz@;(X*?M4kid)kG$@!-wr4iwr(R<=D4jl|3}?GexIDd?5j{I>PoSJxKAcdwxiOc! zFHB+Q?p`T|5UzOrz+wb6cI1G?^Rh7}Fndq1(%r6hmnW>b2P z_16b%X_9!w{NuSAJ-GJt$-<)d#@J21t~G7B3GYukZ25p{=2E-}B zI7ql*^Ht*o!qox`i3f_>$JbV&F-=4^cAp85iy0eTA2-(U@NT@V8u-Jv{j{b@0ZCL2 zZe#IQC|cWt*_7e8Heb(Z;?_-7Ui}_vO{49vPPMdVu3T$*JP(A5ST*Aa5lh~!zAk*( zdL%8ohzIzj_S*q9NQo#dZxV}MREHXz^ajXD5RnEy^ilLXr`m5rOIZ)plXrJKvNg11f9%;7dmYjL!N`SULSQLKUd4&} z)$@jD2mLi`WJy}6()Ui)5o!3dm2$ZzK~q>lZ>d~oL7m06oZOq(ttLR|#1s*28+YAy zI9ez*jT*{4XV3PS^D|abtjkZ1X3oKekwB6Umzrm!1gHK|g%H>4=cSZ;`{RO6<%i18 z5texL+RV}&i%q%&9}3?^D&E>W#F7-6{-F7wq{!sgb8Go6QHya%gX0@A<8-!W!>ORb)LZ2}`$&{);`B$$!8o!vx$} zy7B4|&rH-JffX`x+e>hH{z83bv7`<{DU^xz4JAqx#i-s@4$JCw>g)_5mPOib>DPq2 zW(qewtdDH+r|k3BS)gw;R}(E`h$Ey2;U)$W=6)16@e!CzApvZRA4?>ugYJKX>M-@7 z{*{S22qy5|70h>viSUWFvvJVhty|W(SLW+0TggSQXyRV$|I}cHxAfpuUv*x;8&Q&l zOLOO~1KN2zo@l-Oc3jDB<@In}5xt^LibC_XfthMHD=c<{BPt*;4zK$1!NF^pHr;B7 z#|v>?or9&Pd`2+$Q^(muWLRr!>*`lNKlTt#8WlBO-l+cufS-wzDZlw(>@gE13GjC8 zMtN0~u3hV(ud}*VSwDYe{#%-gxDXy~JqTM)e5z-^0+pBMPS+>x7cx?fea2d+1UHDh z!0zqbp{WV&{WZZE+txUhd{l_Jn<-0jxYuv{4fM1E5M3L)YG{fKEbKvHO0O$Gh`);d z9y+pCJJBA{+WO_luB#|Z3^T;xr%R%^F>jeVLdtv{{mWOOPk2aleSb2!KX$q0YSP4k zx0J@5PgSdAcAJNXYa*t|@bfs9(_RdGrvuZSR;4ys$#WKwZmr1AX^ssE5yQAtWVf3U zd87jRbj@VCAe+O?-QG&wCaAJdn#R7n&=OmF?N2B#vudj+#Mc+`dIPLGj#PV>k>n zHw!H6fDM$nBjAQMl%E~jkPLQO{nq$81zPuqeF6|@J;zJ;(eAuj7AsS+m-$(`>b?Yu z9!X3z=xdMNu#9O3Wm@c(57jc-C}eM>E=RZ~Jde2h_XcD>>I`nhDI7YIzLzYu^OsBor2faUZDgVW8c7$&#~Ub?!1lyz-BLdCgQ_RurBkakP?2z+bUaAwIf zDodH>r(ue96GFHxpT1w$rN^swoz0(+*~sqO2BP$EZ@D(g}RZnKa+pb48bqYD=vx(!>Mis|@sQyNp5rV_M*BKwn@HV3sbi`(qSOe7l 
zb=GFreIRXGs<%32$r=VML7>7WpuMI>2ryPI7KE>F&KL_rfZ%88tFxa?E>$s4WO-ey z$QPnLCVyiLkf?2?Mm-n)jdkmAynM$f!p-kfSxo?N9^IQMp#W!;$55$nTxUVT`nrRbVKZ*On8FaHT$yFhe)vn}O1N^iyv+EI5pbwz__ zThF^jJ|;r^JC5O9{>d!&KQs}^rPW}bD`CTq;;}S{PmyZ&_PIKn zFh^YcL5nO4sRjF`q~YvQEG7f4%JfI;Q4wF=GOA-e*rw26R-0RmGxO6p;xvcNo7X`2 za34s!k9JLv7YCpW>3ZvvzVGP1wiUTI`Z?nV{RmQOy15tnwSX95;9;)$BTvqQMW(u- zp;G%Eyhy;6{v;ky0_=YUOln|;%0Hc++fAlYp70UCko1hb*8)bwa8|DyvZp_-QkW|&`)_BT#X74>96YuKI?Bh zTh_nkt|(s3Y0pp_<~kNR#jc3R7Tt#;_rpT?6i7uFlmkY$%x_~?FosqBR_4H!J0M>#xK^&nc69IZ_7~8 z<-AWfi6f=RAy)wwaLG!}lK;S~oUU4m?K)$(x=N#WkqKdn%u&{F+no42`VQSPTEENe zTNK%hsn3V@w}`m9iO=%7vWFcuY0l2Z&wlwsK}nI+mqYJm$wxWG~w4bYv;q+t3&tn?TiE2au8uMVB^cwJyXgz=}EuCRC8BW;p+;{ZI zlxYOuf!FFoJ&xmFU!a;f1&EJN?JoZlgt`;Nr>&G;dK|#*RXMIh-ofr(=Pd(t1sLn{ zRO$QTvrpp4PfuQH_dqR#T~J!e3pl{41XaFx&x!rNyB1y=llir~_Z=>n^Z{!}>cd3VnrXSv;50w=+y z#)6b+TuXB|#4q#vOcSIJRPE)u4Vd^aP(K} zf8mS9ZI^lYuFcls+uy)*zQITAdL9(o=!t!aezPrnf;Uk}-_hQaH{%Dt!GPcNk5w%6Z5s*4R09#{L>%X@o>JJ|lXl5ThPi%R7i4N^sKRcgNew{crRsXBG{2+GXc~ zcgSSbek*LBvqL^CTqbM#xozHqHvfCD0C^BECY#@`>Ucp%@&^;*pbBc-V7QBeP}+AL ze4FMnQncTdK1&6Lu0eFGPzrtqR3(4w2*n>kTFFYWc9!WSP#}-7!OLTUT>o!4qkyxN zb07odJ4&@s7quy`!VOYg9~gyTX~p>uJ2SJLxAMP_W2(H`@c6v3>+eM=OTNk@;vv95i|OuCm~+BCU#bE`le`kq*~Uohbq1 z7U8Gc*TJwZ6;^cA=k?ZBUZ3X&NNdb!NK-CE`IGt|_dD46aV^$GdO-exS(+IQBgeW9 z)%kw6mmj_n#S3hdD8v#vN+Cgd{RKNpYX*n9p<{F5CCVwGZNMSHDWX);#N+e0DIMZv z;koQXPIi3=DC&qS_3K>=Tb!Z_4#nIjdAY!3iQ>Rb8;c%=iZ?x*Nw>-WjHx3LMmCbB zP=Pl_>rO8V1~!_frMyev*EyN?Ttq^&w~|HMi@<`I|lksLhGN;Zr2dvx=U%N`Dn(cK0(bSqMgmnjRR8t_tZpTZA{GO4;anF1GnoT*{P2 zr zn7Eg}dU0n%)AQtA<10Vdp~?XKC6}X6g6h(afLLeU$5N z3DfE}rZ;BNb$MI*aO3Pv=}i?Hk^t;hR)YiJT|d- zE%+~GiB`H0-QLF{9m3)cTb;-`RwB=kSL%!3$m7$0f~c#NNjKPj-Q>xAj!1|qezyH| zj+vQD(M$23(d?aI2+yc<0rt+`Kq;GUep33XP-3haSi9>q&>=`ak(5y!s1abEl}jn+9Dou_ zJ!nLJjl|aAvLO@ZWc9lit`QesP}g4s@^tZ-__+8=u30%~$Ooc~GbfgMP|Vp44M>JrgY3{a{#9yij!xcV&UeecgOyVtNT2F6MQY z#;u5ZiUy(kV}N$O@6LQ?QqeFfuj&Y&tjFS2{f*DIwZ2O5lioW^>HPg&|K9r$nrdw8UND2arBU4x~;gh_F)0z+P>R;a;M+YnKfEGM6f%|~w$0EqyN 
zbEXbF1VI_0I?9hG30OepD|rbU@9c!V+U5FM2(j$_|03TqKz1%di#nq?$WfZ>!P*a) z5q6*ZC)Hbr5=Y;7gv^mnIc>z&5UB*8C$*EOXMQ#MhkrWU4TkMLCocRs zZ1o75CI$V1S_BSS4W4ABY~eZrk841nXuJXe-c~c(&sDV2Q$d&ZlS8Z zCy_|_0cTM?TNfKLp;^<}BTDqBM_Y)g+uCv$?}8fOEB=A|HZ~RhDIi^-r_6yX)7ae- z*uZook9yJiC1LjK|Ap1w$0zc51$V`){o!^}krL_bUy;wI95)jCURAme2?xjEq?MNQ z5mGEOKvu00bSK|X8!KR#8q*{hJrRD;_X;}7(aay_!+jexsMU+AX1-(Z;iepf$_=jB(c5yzsI9OGaPbSQ<^a#)G z+J)Jn4hdXn?y3PnQpt)6LqMvW?ZRSruaudh_?lzg#`FEw>R`TSCKA^XRNQDY#nYCy z?*9X$skMIl zalU=>RsErdvcR@p2wxqd*#*`pZ5MILEvdv2aWPiHY8%|Yd=YzotPnuN*Q=2fPuY)o zUvaQ#ydc6Zjnlu+ZfhxXA=%r@)AOg}PhSr=H*eSmYGi12+YE2}{~^zU30}#wC6fP( zJR7~|^YwT+Jd>7_Zh5J{n#MnIxxX9dE;H5SxA@QfaR|VEC8Pl*)G9?db9lJ_0pY4H AIRF3v 
diff --git a/assets/universal-crossplane/universal-crossplane-1.3.100101.tgz b/assets/universal-crossplane/universal-crossplane-1.3.100101.tgz deleted file mode 100644 index 02e1667f52303525a8710e31a98ceda3a64396fe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11431 zcmaKyRZyKxw5IXkZo%CN5L|-0y99T4*NwZoySoGr>;w&v0Kwhe-PzyCKR2glE~cw5 z`=YD6s@Ll0eaPbwaiRVj03#H$sjND?xvUb8qAx$U8K*Y8g$B3nR}Fq16>V)EB^?Jl zQzr{wO*Q8)vX%~xP-lVfZo51;Taey>SjgD2JRNU2EyzkMufbht3$rM}%5+8oZz(jcLJj+I7`iDEcW+Q#3 z<0BLg&5q`wHXrGwb_dh5q1Xt<0NM1KEn$OS?E5cPAb>Gc)%+wLWNlz(p-_~IfF(nG3R`K;>)M=z!DK_Uu+ocK=N@m3cm zMTm6tgn;l()eWF_Vr-t$UJ75iZRT779WnCD5fX zzFx2Im?zyqGGibdJ7}B_v)3aqc0Uv#-456i0bUo`uMl2~1hJ@EL}^A8DdVUm2TH&5KDZ$EKGquw?zA2I4~fMQTr3UJEc zc2l%&G9nusHO)*XHswmFJrj&!y2S^rEG`h|!tx1T0!GD3qN~_cc4w@YMifR6J!TqC zfpx$|oF6OwPo#+w^X39Hj8ZvCR=_?KjV)o}Z1PhZ<##f0#ZJCyqWLx-2ig@adJ7u^ z@qjZqshGs?_>olbUmry?Dyx$y95Y-KFRD}K5j>V*bTb^oMLEJgN@y$Wak%G2o6u*> zpqFLW0HUNZnt9emW9GHVS@!Qk!h_u7bwh(>u-X+TMh*JiCZp_ z4kwacc591IvHQnaXk@Fe#&9K%XnAhx-sGK4ED1?Zf{DwR=ns$H-mNl#1(#B+H3RDLIX^Wo%@9t&Kp^hP zbvOrdcjaf~$sHFjv6`n3NE}73A=DC5qw&uzb6&0bHOjNHe_?{tjIV2k0uW!3yZ1(# zl8<-t%FOMt>%){YJ}pWz;L>T(yp}P{u@Ao<%LX6-vkAU zFE$m^f6?cmUELA({_f~}dA^gLV8feUBjV#foq@Ar)~(ls)*YHO>?F5&Br{&<9@--}LPq6wGKlq9BTsGejO52CAR zxF5q2cVfHxwA<{ro!m=9Zmz~!?SSI_k@Y=RXEzx=uovAtvLL9I?g(vlx_?X)*l$7F>Gc%Yz9ql)&mP_{W)R-)k&_RJ7Wsje{nGf zg9FIvLx*r|9iF)42R^Q0bHIn_4M7iw;F?3LF(cc?SoHAF2q*F%WPbjm1zlzC8b|1* zMC;5{I_(O%1YSg3xTUV!PXZM`CTF9R(-`j_tb_Q#?*}j+VJ)xVAy9>x7rt2?2M@>< zXnn+?&i-tfuhL8}8z@gtf1g3XD+q$|lv24>Mrh`jr-y~@fY5I=E9Ym~t1wEb6b88D zrwLjT$q7iyt}uY#=}L@=kdcP0lj;0$SUFX{9Y=+WLU18gWT8P!2@T-E%d5?Nu8_M= zV`5(IVmoe@UDb{{Pv@P_SDGxOPfu6|_p~a>O(Njw)vk@zx0?F$NR%iNwzzhpCirGA zL%rDwS3dtq+-TSsh3i9&TS!sQKJdzjj`O>VK6SnmMsN=VxLg)90T_=Th@ZiUH>=L8 z#sg?Ek#=(Ybd>mQa3E5-)+Y_2aJEj7AP*9~Km3(ylIDni5u?`B*!C>Yud;^-{a$=A z){@8z7}2SdR65@o&CD41!-j&g5eWTG)G&nppbWb^dDSZ`aT<-VSfCaPrwENt1?&l? 
z(`P|2`9d1#=dmfrDH8MONTN)kAJ*t6P7KV_%IkN?6<0BZpfn1vP4}gM#zQJ`gps9@I zH!!T(aTs2ASY=x*sOFW5OtP>2;LD;gOS7N1?iR#w(S}vQ;(6P~DGNSt_J#G;2T7b#uBwoml3h&C)tT+$)v@K{ebGbgRQWw* zHEC1!mh8-meGr0VX<9_ev;PFUM5_kxx4s2EWnrZyKeUn~hiq73+%S&E-hd=`f``(E z=R~XCJ9Vysw1Z7)NK-}qCjk6cV{2><3hf%6EDu)1{rh@s2&}4(iNeo`*}vfCBL1MG zk>9abzaDMv(7Q8Bp>V}p`@<)^lE}Q@vbI5|lD>?K&FGNL)5|lRb8x{=E5Mp{_yCkn z^WEfL=h;RCFYXrZbuiajvm%G;+HdNTQQg1*lLcIJy-OI6e7 zjj3r3P!`SD>V9}Mv_-zNQJ%SZQ-IZ3&hE}mTP(9$$P#`&vkbo{6c?>QZU_fn&YzFf z8o437Pt4Wrtz69su0Ouir6|PThLr@r7{Kh6Aim3+??1&iJ$IyXnhEY_E2(2|Ifhc{ zAbVdVGP!BlekRqq{nm78wr|!gHP{BsUdYvX^XT8`CcqS9zz^^_6*1Fbc3;B2~T#?gl=zM3n zMCwgf!NE!7QMaeaTp>y1{@Uc@_CH@(LsDC{Gz<0U=`wg7iJBKgFZ5F}c`Z#PI5RXz z&at_g7+=||d;1bKO1`p^$HMN}wPE|Kb9eABp{RpfgKcw7r^?p5j$Yh58Qh3J2?s@bmOY5+ADeZE*BTz;^XP*qiqpoG*P}#ln|wd&i=tU%E@5+fw&cp(4!1B&%UeNEAS|et4zg}I!I8kre@g5z86OgGTmrXvWf@-O`YJk#;^fU556-sNjYmVZx$YsNRp z+rfO`4BhTfbCn#2gc-DdeGtlatMcevneS|3Dfq?hC!>jS0N0#jYHA)L|d3ovh1R|}7C{Xz7WGUqwjuIOt1+OU6PSvC2tvY4|8{E_e zi{LRa|1peqiDUHBFz^klWY6>rKzIi=gRgI@AG z5nX%^=3~cMTVZS_xRc7SA2VL^5H)Fx^v=m|-`q>3cnqbX_>zu%K&n6O-j2NP&$Lv( zHlBS^mG{`=Jw-W{&GCO*5_sD5>+)mpIeY;h0F1!K6(A713`%Wl|3+|sUA9|2hLXdX znlo`w5%f4d*_o}=Qh314+Q`5uWwcxU>&udAZ}e_ja$r`XOE5gxopMwGaXZ9cF z>5(ujjHz|%f*&Z~&_gR)Fh2C2s9+mbnpgO*ckm6EduCT{PbbTO%8Pq%1=;f_W0bio_98=1$?YNk~zUm%*avg4j!m z-0Bj{@-4~7d5xInwW=7JGE&Cw&+i5Dm}N+&EWTNLA7`rSbNkg;CEdTRPF!l9 zyp#X#wpqVf;x)hqt9c@v5v}s#%}?F`>#=6X>blzBxMSY!`%0Fm67*75J}l%Hp4ln* zB6a-auALUu0>WjlJOrcbi9pKl4FfN8u{Iio<@FW->oMFyJ4CR4AGEZ(o)0uu3HiNU zy7R)4GbeWaO{t$xsE>0&@kwZ)`$=#JXqABkp8*qRa1YQ+UFZA+Lffa@0Tl_xE$&9M z>Lj0)I5lu~b>UPf2m5*jMk>=aBo4FsoIE*wf|@FjA3w^+w(BSm8gQ5ULBD)rr#+iKLAJHyHN-{ZH3&6D zQ+yw6O;e@zD{x)sKHDq3?BW<$guDJq;Te9ulG5W2iIt|;(`Jc|SmDP!$iep2Jt)}f6X!YUUK05_at=Y#u0vN=1^$p8 z*EG?==8WH|5({hK9PA9aU2A5Qon@)^;Kb^o9Jg{OhjgduZynO>%xkX$^t&%nzG`St z6qeo+C&9HpI!EpeMj-#O`13_&>U4|M zC3oS!nl*R$z~a=;SIKl9JA}RHV^yT!`(jXw-RKmYe(xE@U7(%V$7%eRJ>iPD{f`b= znym0F+}c7G!b+d*R(!G7`D2fiLhv`8hB}Ya1v<8F#tH@5a@Ps?#No%72{H-U@hNo 
zcUlq%c^5$q{-d!1`xC$H`c^jU=WM;&b1Wb5vkK;WChWcM?&p}>M;YUqfMvwz#%_ag zt;eWs3f>C?=2Htt|6+fjX$Rs*Gtke*PnlL+xX^J=#P>V7%P-S z^}HgWGd+<6#J+*kIb}Zpmn3J}@8AdTM;-{dJtN9BAmFpvezf8Sf8k>DuDe)-RzUi7ZHT`=*z;`xPPBF+E-n20r_F~Sma{QgM!fqI_c6QOpqlJ(wsdA z_cLA0Ioyj;W9eL^04|$=-U4WWJD^zPNaqgt`SSn*zE77~02Bm~0+6kKl=-8k$22#; zibi94o!dpwsG} zPO>kXr#8L4VfXy1nvoS3qJK+K?le2DCl0zLnQY4!O^oZrR=Kn z8!j&EgdM05t^s_VHr2)>_^+o5wDz1mX}=)1<&&^!#nvMJ$!GO+?h8*d#f7pI9mZ|b zAK*yVHHi#>?vzyA#}?#?Q<;tZprawAu|dqRr`f*eFxG(zmu^Yiw&X^5QYnsZd7Yw^ zx{=lQtZ738%`v=^AZ5(O_W73#;WWb#k<)oNRW%)qMWi0yj&^?yl^L6g(aD7l`6{wD z!h-F!Vre;(B_f|bMy&Y3Tq(y`5Ua@NT`p8sNohtT_~a#s;_uWGNxgBY-@)o34suy+ zPmJc25NvslfH%u^yn1z7P|#(Lf53ID!i_3jj-INjj@$qSL6cqC%AT$^@ib3o>oe!A zt%ppQWpBFN({JvmaL;ol>QfIr!xUR&YkNGymg?!EsZac8HV7o>VvRB<*Yfp) zt0NE;2n#TPxpFyY;D6%9_pl#|2gb+QU7b(zQ2+9eh){efnOl zsmTf*5*wRSIgMF4WJD_3jXC5N+L7!1VYMIuEZE-F&94>_bOF~cO@6>c5C{k8&Afqn6cKs61LI+3^`4ySJ7t(l z-!D(M1oX&}Z1rYcGsoW(ilhfOebu4fJy*K%0xlNq|qCtM3#4UncyPj2=mM1Wb1HQ^Hw zyARv^s26=YG>I2|wC#4CZYVth_Y!CL5U&T6o~sd*;^DkqNodm3lQX8GR#)+l6*UT% zsh=|4)F_=QM))mZf~K4m&(6=!A8Mf;_ydq^LrY6s)04dks@w;D++m)Yv#WG>eJ_Fj zras7Lt_Ml^xvMoI^#&g-`nzq*X`cEJ(rp$5dHez!Fv2SZkozK!Ex}G{}-!+xBxlj z4M)eV&>a*@%d}}^SYVvFkxk*bym7X8lSg-!eu|H5yp8$iQ;W*(KbF2(OCcL>%S5zE zn~g=p)lWo?U5RR}^zlH02tk6u4{Z!BNL16(z0OSFs44Qq3G}IPI4f>H#|dkdw)}2Q zt6hF-U$$tt#DX-_&dOO%$`GQ>`3)^CWl`M*-PCzhI_1zoFdREty@p>U*UX3i71YjL z+`9<0zZO06K7yO7SiFEX4P(0WChv<3I{8(lKPygCN<%C66D5v|r*z1>#$YaK0eS38 z0a8k3ygM&!Ea&bJXCg3~afZ3;nLL_5r-6;EOGwVErp( zbG@%X2~yRL+lE+-+W&+6K)+aO1LbHPGho%fWsR4QqV%!UukfmQG!L!rx!JLd%3)P% zsSO=2Ax~@HplQcI>q$?0qt?K`H4+!OvAa)KXKX5fURUU)#yNxKQ%pHo6$kb=Kb~7z zE_r^d@3H>S2u@`NbRloam10Ov_fi$savUTmJF7JIurikW3>G9vJwNoJ{>1pLM#uYo zgI`WqgD>Y(HFA8CkS9bpQT+JCfZBa7$ro03yGUj*gE;8j9m%2eLiw|03p3Ro)vflK zDm>ksVw_U;x!tU|1}Y#b0BbT{#zX|bIIEAV zoP_B*+3`CYD|KvN^LMfPwVE@8Z}GF_@8gLdSnE!J-@{B3aG$5hj-~|Z&!2KII@6~ugL%8LBGZbbYIx8fJM$Hbh(Mv7>wluCh&^S&L zR4;XyD_xH2q_@+FI$bL9P16Z7ss&Xy4n&}WGbLs8ZP=^Hz9GDm{UsphRqj<)Tt|YGMf(FmoQOO 
z`-aF=uc0_Wx@m?7wG%iHa#we@?)bA;5rKvHssC4^F4hA(+f@lpe52}!# z9WN>Y1F9>P9{s`PZ1s^|h?6JqTPrTWcKT#4|F113J43I9fZhv~-ZsCE zrxgH>KS9I31Mq2ZJX3wsT+D_Ij&XuMoc0X7z4@$NTCd2LL3|$u#AND@$>JX}?exUk z4As{~cQ`ClI!3bE7j$mGa+la)Q-0r_W8>oV-yK%uASPrAkIO{XfQE&?+r981M6`6Tc;bSwd@1MiMtjRIcASJh{sntXE?r}!6hR{iQi@~tvm zF9RC-S>HHKuJNyXVI8%L)WnKZxs{%CxxR1xx*{trZ@ccPVu9yYhw2YSNR@^QaA#kE z`6+<+n*5YWB?w}yB+$}d_Rb>vJwWZ!4f>D{`7d&Y$LX~@ObZfz`_-??Y1xD;&1efH zSJS#Hpq0@?;1PtN1x)opwyoYfGjGnGKtIblG3XH>hF*TT6Y6hl;{CsZoZCHaKwx}; zd+8s)`8w{t17rs7`3>ETe>YlThCEsYXb3z3|LThY_n9D@;TsriybnOO=^*Z3EF+$r zGbF39A*@B7(t#85j$)f4x@h&-w+$;s6nniNBU=kLQ73MoH@UM5{hEo#sosn&0`<4A ztV3>#)`R9DF)F8?g|gd#)n4b1^N`%1_gG_J_p?$YwnM~g+I7+PIGT$8$;F$qm+>b>ysk6 zJZ=JY@CE9WxsletYw9dm|H)~@SCXk9vimLF&Png8Ee6}y1gl*`GxbuN?@_}VsBM|b z&`iZbc-Q+v*3wbY_Vx|(2v8@A%RF;E*E?OgT{y1mpM_SHBmgDDN)B5x3DJkbzkwTeDL`Gmd5F{N;iuc(BN~HmNofa)Mxjm0=Vn~ zZG~<{W!aDR04_{#_7f^$jpNdGKcaWgj}x zj7%O?h?^0@IzjaY-f2-W>UjdG_5$Y3y`5tKIJ0$4P0`7%X?(W=HoIyhP~+>LnAPt(kMZuD$0OV{! zd~t&xr*#7v#X{jY5#{2)jQV>%L)29x3t0L7%Y>dFPuMU6UAs!rOWJ_l6{+(b^Qtyr zg;AO2_^k4fwmGyaB|*JsToohmx-*$Y23E>v>%;2t>c5jr=QDUOPlF86%>?j|mu07KRUjADePA$52?B0UXZ5LC zXU>K72mc@4Vf45WHhfT}a^>*tkZo?px2u33(>J^y>i-oWOb`(X;^Wn6KOPYVG3B!5 zGD%(ZUv0HN<=2_)=Jd#rB7H_~$)xjzNhvMJy24R%LG`=sxA7Do;v)4GPWY_bndh@J ztZ=1PN`>|BFa8gL$kya+qx}o`U{Oq-XWJOrD^UrhOPFQDDMbSWN~7UjB=|n2BuD3@ zreRW+^6qP$h1hPGuv8MV@4&f3ciL30kf?FMV}IC-gkwae{Zh(BXNG{4D4l&gae~r% z7_uDVkjO4eh^8JG(r~>A9l`TRVyz%APrQlUlXy$5r1b+%Y41@sDXJEOGq?3XuFP!3 zoP2TRHXk(2Uj8y;|H)dgf&%1uj0cmP0;R45QQPm(uZL`_bn% z$%D*rQ!)^Ci9M>2r7n+6V_l)yD>Jh&D13BoF5QC0HTH|o7i|p9Fs9W6JVyks$QtR% zZ|aWk6;5cw0-u%p-^YSKMGZ#o;@xYt8qK@Ca;>3PPj$X0f4?F*oC3ey#NAqpSWak)zKAqYq z0J;AQit8R_Mn|nLH;i(GAps*s;|CJ!YU8w(43oXD$477N=+^~d702dz=9KiGHnqvG z2nIg{;~0>>L+-6*4x9dviW1!!VkBzKVN!GrZ7;oNx@GkLa>;Ous}nQvQJylTfxD@? 
z(t9o~>6CF+K4H%_di>6kDyM`=x}Yc{9iA;(6TVGsIV9T%Gqj!ckbPuKkpTO9D{BT3 zfHBx~d!PGiuR&JJwE`kn|E;wUmyr}8Z`uFOyYxkFbF+rySF#GB(eK=7Tl7g=wb$${?J zR*w|0JzJN2<52*f|qSCLokQ>x%+RNAVKj9peShtHeW6NfEKlQdS& z*04}5ExacFb;YofEK35dVi~ zP3d&R2{uVctr-RgEKo=6Pa<+VdHN&s9E19c$M1r&;AFEkZSn1y6P>E5ip)q=H|nOD z=#6=6{?}WvTGSwt=LWOjoUF}38*8htzRZ^xCyKgllc`*Ayx@&;6PHx#WQ+x5sS1O9 zl&GIA=^fjA)sBd1>}$aMW?ta|8WXc=^VnTVm*ZV_QETefeZHxqigoZbjun4+vWe#; zZ&wAJN8Ilt_olJY+T^^*@72U=^|Dy_+;Wz(=9SJ>wA$tlri8f7lbn0UkE`38Us@>j z)vsBCt%;2U>Y_D?S2()R+D80n*EEyVcp^}G|Ab8?4P3cXOYq~eGJb36*{E^YlFj2B zQj}{;H%DN)#}8@ z0tPdRJZU38s1W55>p&o{mIk+9ft{M~q2+L{KDq~g@|Rijf#thqsTgce!zHonC#3ts zsIH2^oAu_USn1^{yv>!v} zqpti=vCw6Sptr9OWYTN$RXHS&5+!Zn7_-`)ZHW-rXI7iBV&<6z5IATJ{2x!<(cU$c zt7SVY1P)9ljXe;RI$ZUQv^xnmBd*p#5`MHHW;ksbK199R<9bcZ7C7m0ztKF2WUZ_5 zOmW?Dh>DYRrF9GX^5FE41BWwRaZEhvgsn54#nlL(~5rgsO&kR4R zWRz+q&_ufb=G%rD-SLl@bd8p^NX@8GVk%EMW(uFi);dP!B*6U`knZ+{^*13*A~uJ= zl&&+ES6L5S&Uk) zRU*2cr!qnBwlO{NqPIf^8sS-AK>C}!jhXWnKGBx0Jeq!qHRUL`k+Kz2_C=NrmjpRh z%MVqPZ_U30>H>01Z_z43Q6f_dd_arC?(ot5S|kNQuCyLZ&h*lb=p z@E{?buX9*t3HG*Wpk)0(#_#{v0ul5)aXq}eUm?8RFYt0`4B3IA(Z;fF{9&N$Tlo-xV_2}MmHn#if?*+dPT`Pzo!CG4GVLLEAbRF(?(?box?;ZbVp}(*)Ff8<~xVesFtwaYp`~ zGI6k_hzZk%<*I<;@z=~#GK%eZ*np8sP*Wk6E9)UsU?Jt zRa|Rr5pDfPF71D1&FkntujsFjp!4-p#*f%3FweHyK~J{)Y7${Y6=&v-X@jR1A?f26 z`QqB)VNNflze!!G+y(u=f|~pPM^I~nvUod;jOL@yu@= z^MB077P3!e=J`%tX<&MstfeDS>N-?gam_w3mCN1`N-ES=04T1Z!E zn2DW3of)&@tZ(a#=pSLGHNG!xkcM_UjI9Z{+D24c*Gv$7Qf3sMc9Y1xYCSfH$(*-2 z$jkk3K>W_AbYhd{Cu+jLg)vn9k zR9dG_9c2q#wp(F({EI`+QpYou%^GdvdrZO@ueG&KmJWf;;UPUiQsQ(p!>NMOtv&>y z#hxV<^SR4X78)_Oyuj7t+6ysySi)l>3QlTpdo$j6_y4lc=9QyB0PY|WkEOL 
diff --git a/assets/universal-crossplane/universal-crossplane-1.3.300101.tgz b/assets/universal-crossplane/universal-crossplane-1.3.300101.tgz deleted file mode 100644 index 13dd78a4c9fcfe385b6a3f091e120cea934fd45d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11623 zcmZ{qMOd9p)2;Df!CeyE-7Pr5Ex5adpuuh9?ruSYI|L1|aSssO-CcrhU_U?aH#>vV zlb-aXuexeg)m`gj3^E?fe+OWMVK$Td!eJq&%%|in$ZO86&0(p*Yp1Uv$fv5U&8MvM z?W>uirMITK(_1Lo-`XzE^m!>hiRcBzP5QY5hX-H7uvOZBz#O@{@G? z%7Rj+a+BDBK{iOqM8gKpWCjM!pojK*lzZ%!12|J>YB`0XJ+etmgMqaU-_qZQGwUhR zdnDZPaElhHw*unW8=~1%bRFDyNTBwFxzjtJkgiX6pt?n7U~`l7?4<;}xOsVb_uwNe z3_8Ah@O-!j;JSQ|yJ%?*Def~iempZ#KV;G1$!JnY*bYQs1V$jB9{oI}q=Z|ebzALM zO62T?Vwn#}hw3?S=8v>j7v1Z^{a9Afg;Rl)~um0jBl*4C8l%v1{)kzaq8c2(%TfIk_M_yciyzrLH-a5GL*#ITyoqpUm5@N`l-7m>1P?Nt zB9wIf(CtiDDu$f*z1iA%HSh@8a)NA6W3Z7a6avMt*Va;Aya7^!#QkKleJ)fdyJ%#l zs%m_p3Hf9a@Ds5^$>6_UN>o(VClR=&dlnun#=W)i;xjwgL}*G}1DWZ#{4V_|b~5S`{&Qyu|DT72G$rOqS`PU4qFy+`->>h)m0es{#>rW@p-7Ks10BEg}-Qmda;~b*1 zlJuk}{CBpxW3={mB2*P^K?%ZBC3HQWb~d`HW?!}|AUF93@iX5K=E_dqfvci~8d&1|+ilHDQL1|Ap6F zM|S}B#yR8#fr25m3fh0mFD1@GQba0B!$5`s1bDf*LGJ(TKkKlAKXQ?5orCl9^T@!U z?~jnj=XWCC%hv%kvLRTUOee5lmq_8=*lGM0rOtr83@^cURVR*_5ah3bmK9JstYTO{yU~(qWBOmaInC{ zs9};DKlt8!i8ri60~;y+76dE;LF0_kwVIa}V}a6!6odNB5v{6#&^&a>4R=a$C)zq6<&vmfJ&&N+>KAbuXy$rUWMcMD0h}mF94v5liW8 z%6+u<4B)~Xba`MRHX|?#YS-jhc8}W|P)HNol9EJZyD?Q}h6E0J$~Kt=m9YQ&q*u{R zr|h$~BA3hM;pnjFb7!X^6TtbaoIuBi>*lJS%11$*F9C!Gte!rmg-MVCm`J~6pqtCf zr09Gv;P_u0z@f%+9&T-3er=ZH54Q@NjM1k3Z*JUqf2&~}&6<{Iw2kL@GQZ24j>j_P zk07$dIn#s>cCRe8;kQufOhq(kch|t3cEtl+FHY%guAUup>&~lCr!tcRV12#U8fZL^O&WkRi0jJAWOcr=raA-#qZ(s!ODEZvNX(Rl{gc zUo8^nn}ufn7+Ua+HPP$3;Tg*Mkm8sgG}7SE44jN5a!hO^p*U4up&}D5+=UbkF;E5# zWZGbrBc(|sNNeH9$JfvyMO$wnO5;3B1uvr`M_@haI*wn4gRnVK?C4($v5sCw(d|W3 zeiglZOd6s8Ystww-2q)?UIty9k)M6r1N3K3Zh){nxP($9+rX*orL{eh+wjlmWPz1% z2B^k)vCy!txhq+IYmd-~JXzfDoUM3>6okq1tcE^5|LS+a=zzh4fMOO>%N4M3aZ%6- zT|Iu_e+#SStyr{0UK3>e+pmu?gWj=SW`kU8>$1n%QtciB4IPZ`JWdhTo&wV_WpY_V 
ztesYVT$31ef4VGNy%?8yACkPAlNt5mmk4qhrR3dV zd1wvU;HjBrc+2V>?I7#WP4V-zeYjN?46ntndvLpF<|AbvGGN@*BLm8kxcr87{0v5k z8-6%X(4kyk^GOskhY5QQr?!W4u+5}y*Y<4iP<=o(^kKcditGNY;7eXs>iD|84j&_8 zoo}L8*XUwnTt9in?GRXK8@!DsSlv3cjpm;O(|<`|yYOe3p++aL2I1RvtL%5h2fWi? zz0t>kVMAC#3y2X$U!+$4oMUgzmTkW@!YRMq@$(Ull=T6M1wX&xmpCoN$upM8!)ud_ zoSB*L(6N-;mAb_gJ9HiJTA3ge6E=43$246$V*!3EXmPp(cC_2s~tOM znTgxBAE4voUc6%{^K0fFoojS0*;a58==iYU84zak_Ax8l8KlsLyo$c0m`rAo5V2H} zH1zpnkAmB7joQTJ))A5po7176!SdS%bjM#pem?b4^BXbo83{?%`{Mm0#6!A^vz}*R zUERzAT{g%Iu{J?XAX|$+TW&YI)^DI-5XaKmn~<@#10bAt;Co7%&QrGlR&w#a-x%FP zNn3QXA3yc|jvwa0X}cv8igMLU1`VEET?@MTk(mZ*r6CG&R5q^lE3ae=ZFL$L;If>E zzcxP!2)4%=VU~!Uxd)Qc7YBOPMr8fH+=ru*18=H`A}mbdXNWP^khvB((?lYt!l!C1 z2+<~wIoOly-R?$*(MftAeaPWnOi51z6vb{IC?(oFDq^Vnt~l zqx5D20_+5#I(<`QgKXUhw!6UVYX}$caF6ky_|5f9BC@tN7V-BX%0P?YN=tMvL`#Gj zWZ2<)bdC|>JGM{aCD;fJ2a0yGH0^K0itGBe*MEdAT3~w8vi1W$zQ+gjgJ{u#e9%kG zu?Mj4@2H)J4zKx}B7sK?F&z!{D=9GBF z*eH<{nVz5tDQU-xK!cf`7jOr&^IP@sdA0(;0ZvVTiK6}lpei^_zBwfK6lGfnne&!@ zy7j2)c9EG9|CpeTgIxbpu2kWiDD~fbdULbnohYPg@+F1fKb^JF4g`*$`sS= zK_&_elwr|WYr$VWSzq9ru9a1uqllvhh=fdB9~9fm8qC={o28fBq8IKmz};}s zeL(_Jh_bp2vph>iJg*T{zgFBpQ+&?Y&h`2u8MoNQjD_f9M*(Xj*|^JJLlnR9HWpgksDR4Q}Bl;k zwQ7q_5^~TX-b<`Yh5ll{ke6io@Q^e-19&U^SlyXc9WEIz2mg`Ye$`0tRYUtrkc%wn ze|mfvEX#N+ui2=}pc?zHO&PxKalaO8Bh}3Ro6Ilygk)`ffYlCRp#=~w9{??_uD>Nd z{iinIQo{sEH1(rP4W(W&u^#C*K|P6qaxnWOP~`)#T|s5RI-+mM<#+*FNWSO?9x9r= z<`b5<5aq>A7W99_7^r_m%q*KKE8l_WuLYMuCda7qMrpZ4afiB2GIcmJlNhae2F#;z zX-_R^N~M;?N(#4^h*aKvDY$9Rl`?Yw z^sh|SF=`@4SZARVqH$e4L2A2K7rsEc`DAxgd~y+BlF}@orHI>n*0~{~I%eF{{Go@} zqWdJ0KemiufVG z&e_#b8%J|m%s(-r_Yt)GC!D=OPAz!6f;I}^Qq)cZLUhXWm%YcU{p+Xa-IU$pah)=! 
z%5_31Av_Z#X5=3pi#HIPn6Vj0`TQFhk+CZ1-Xf2jLw3t>s?B!hZBha zb-9tSNvkbN;z5yCnqwErLR=kMFOhk>+X0;H4*h(;dZ3({sMn2@*7B4cS4^7Y)E^Fl zri{>K)-u%;Uf!x(#Ude4Z*_&fwq@-VQ_@I)GaI|6PxysJmMmH`38Bs{q}jN6d>k*o zqw3$+MZJpIf7>GV>OaIvbdK4W*JlyblXp_dI%Q=Xq|SMGiC}`?02<8 z!eoA%Y&D9d1*4nbcKfJ4d`)PuExWx)9s6`RqlM`NSzLcF2-C9V8om88xUGJl`YqC$ z!;AsvWSxDo3Fa6ZpF?Jm?w{bo6vE=f^t?+G2T9ThxUTfi`@6nUZq-p7>P@UV3FxK~ z&`Jvb>j(&_a|QT`zHI;osy?Q#;9p5ShxO=Q&M`q$*aUnZ8Il~abAp7=$oP(@617tS zMdFZOBfx8jgdlV=08}ps=qc*!LpRsuEVZyrY9DweWLbjOiy7td7vqdZLzdI#uzhPj z)46h6)BWwJQPSq-s-V>EvKo~#npcGRwu`?yx1D!6ALD_iXi~eF;BbBMq~f`HPF_6~ zT*Skog%*vZRa};gr!sHm(#xxH{u`-XxXvSvR-%bEV*RL6o4iFmxl0*ZtMd5E#9L$} zHDGD^C2KXBCD=TqVI=vU>z?E^@-OM(_UD**;y|M$WESK!7ba0FBSSNwOr^(6nE z7A4h6(<)`D$hqIT_S{7ra-T+vXWzA^Czjh7^f#-MJ^v(Ic-#!#!nwVheSVu7L8?BA z6N{>s*v0%WQAjafw$b)$XrJ8qiw zg|%N##cJ(2-O+qPoyjDd(u%Ca`jg9g=hzjRVzviwB|eDPMB2xhC}$cj0?RM0wEsbX z>$lXb0wG(OS7|lBT2IB-(dA?ZVq^wIOzQ?KjyaVu^s&xl<>X2JA5WU)q_CWWE3q;C`YtaSg=zX?z~o$P-yyuM=&dtwyh&eaVrQ$5+61Zn?k@ zn=6;GNQUYMSPsc!=|;xl;2={Z87WWf+(_$9`RH56Z=)J}KNuZP^Q2FmG* z*5{Su#ty1^yvYTo4s-QFv3w)0rN8I`L(bf^8*^W91D)_UilxhWlUdjiEtWPwUA20N z>7?!Vx;RDF>@9P22T_X1D9pyKp>o1MrmQdrz97by6u7(%*b9Gjcu}t!vd$`w_Ey#( zlUJAMC*4U_+?$LV7CS2Pg+7%leym8Jr@~?@3l%mfsCAterO+Ig?)&5um&H_G69glZ zd=@(tTb?=S?d!}vm}HERXbUH2=N%V&PZgkhp?~9QJn45X$I%Dd71SsH&YY-mwCujc zZo-x}*6-Y}fIr0Nb+=#6G0ck7UIbMXHCjX(X1gbuA(@9t-I2tZ2m$NMN6(Kzl+@ib z#ESYgJ*m8DpCc_Y;!nrL%;+YO44oPmCMME0YVh4wA?n5_lIk#c`*=)auA!o6VG z(2wV(|1xVVy-jYHrA{cWr|upTU76FD6!KFMzVvGm8T-(=@|uE;nZPHjvoxBeuQ>5{ z%I-2lHQD_fuIfOjMC@`MY9aHSUy>K>5Cb$UGJ^quqdUG!u{v7TbD-goxCVCeosDrlr1gV?T=w{ zgqY*tX|$N?VD0cVwfQN8@fQCJ8c=rmP_@X`x_PK#$(GR2x~1Xl0L|};1`dru)2mm2 zQ1UAzi^P(*9un2Kw%u^Kv=NKXT-m2sXD4s8rPiY7ccPV5w(1xmQ`TQ}xZ$e&;5$Uf z_5F|i`=sh5Hk49CX{04b!K|ggBJhxFQSn(xQcMDgXRu+cct}i!qujQR8x50B;S%OD zpARU__&4igS?Z6T=uaJ6m4v&WCPIbjg2>H0Nzt4PtWy!=ki8Zy=0De7eXHQBy{eub zI^UDp@);qgP5QVMmUE+qn2n5bu``mu$VkBq#%yh6oyjWgIEdYPHzpI+R)S-bit+PccKd+2|>apHP*Myk55w_|KzpZCtCVK@G?GI#PT)IE$%+r6Io 
z(KxODpFW1t`)lu`|gf>}fN$!w#%!BaM@4o~hccSs{ zRYGMLHC-sl&d$&E+c}GaeRzoa_W$bL`>Q|5y|>g}(U$X-@l@PPLH-^vbcDPbrxF$k zL@D;pw(}3-qDLua&9vb>nOK#r?rf_M#z+se6bABSpz! zEtA$Gn=FI}l_sJ|di-a2=E7iy{>2gpaWj?GGuFMwH#~1Tqi{7C^%LX6YYTj*nb)%Y zdr;LU*o^?FhBx2~x`hHhGv=2d;dux1Ywt@Hvm&0Zxta%uWrD(+7Z20RQ#ahF167-B zWs>OK3oWibmOi+uaSkg5+-Ch35VA6#b` z;OW79o$vVoc_xLL$a3X~k8Rn%m_adUFqPnb*atfaO{G_b_)`f@jXlUe_;wk6&&K5; z*F;nbE5R8-v)v)w(&kn8q!_&|hc!i~hbzGJO@VDUauaC-&Q?X! zk(KLYmf$CQ<6)w?i5~9`CW_fo1gF(jA;ne;_Axrfl(GBUEI<@6!4qpYgN7WB5D{o- zmZ<1xaSu=W#-5$DFvUrq{C(bKk*Nt zD`C4*%6+w{h<`g)cEm~fVb<>}FIA3t%FS~5NYiL%Dj{OL4T{vg69$-XJxlk*8+SUp z{I&zGru`HRHSrY5A{lS7`nA?ST&NCnU}pPGnHyZ?%8>nw+5l@)9;42;{42Uu{(>4K z%t!Nb&HiR>5auZ0nFhq1!LROv_Fwa%2e0{eKc~I{tp(!k!wy^U@~NnyXtGaEQf^80 zfPK;lX7jP(Y$RSUtHMh-tiD@hx=+rw8GcXY4X7{-EYEraaso_SSpZKT(&xJ7pR!57 z*!NVkeFl;*;l0t`=rqAJ2f=1|E5<(&F*P`4u-CTg{M`2nE#4{rGW!fjYPx60d9WF~Sb#3Fz# zA;Q=;?%`|*Y7>_T^cVEpujX=XMAg#pE1;!9SVuY2G8e*g8L57M@SL~klRx#Yt0kj@ z2on=`-wgKfQFcjO%zCZV7mqIH(W_P>bB)sHZ}y%dao?15cQsM?F{O0O)0O4Vs9>A( zVIj1#{RKdOrM)t>>YK8W0}r1k;j}gIrbim0z#D~K1L|ngVtaCw6AmAP#!%Gi%F|nI z9R=~q|9*m$RLv6k%hjhy7OWU!Aw0r=4*5jp-O_x6YccyyQSlmR3>Twoz5*^xTTNPk z(>s1>zP)^c2hfTL;M>6RD`9Q1+<#uLc580=vuUcLBemQ(z8p;IUVC+a$W1}^tF`E& z*Vd^bot9@6asE9Gi3Y*R{9|L)UD}z`TY=tc`f!@_vVHPdILA79GiPwd2qWP##9Z|z z{BGM3OGkv!WG8ZsBy|Sofo*l4?r(u=F6CV&OB3kRt*}8)MSM=0wkDq{(*ap-mdtBX zI;-Xs=9LsKZad;bP52PhPM=i4I6yJ~(iyOjoJR(*6S*Bh2YSHc@~Zy&(SS@3q2MKJ znKtxN>jez?{iY*|J_;|J&hdusGA3DzXf}huMy%6Yz5I`3Rdx8=RKx)f592SJ!b^{! 
zTKbwTpeC3hZ4JENs$J)#S3Y|DY*Q7a<=3sXiq_`0*so@IxY*y=+3$&1I{e`*`xi2B zs19hiz36R0Z9rf$pcUNO`WLX5Z(;iEGI1NynXz2nS~JKRRKN7akb5bZ^d_6%;PC8k zl`qxKbbT6&%$j0haKL#6?SG@wSuE>q4##yiM=Z~T7*vR&M4fw@alQB}| zp=K+x%0!Y`n*?FgOd1%H0_@?LS~a4fOGPf-no`YX-5v+hG~;#!Q|>(qCFPcz1jTy1 zgS5=bIEdPjh}0i0caY=Y&IorKOJFi3ze^nXuQI!7qJni|?{$&?JpRDnQDBUBMIJKe z8Clu!$Q|^NK9pgoPEgm48SWGa^AOwT2zwudx+;aQ9fEJ1Oa6hJaHxpV$MpML-$7d# zE#8pc?CBZ}ts!nx?)xzzFu(#7G0 z`}toZ5T`-=e3s@s;4JMGfU}*dgYC+iCVpQLs^j@cvyP@ z=FXP_4N~Cp-}no-si_^%Q|*YT%6!IwPf(5qjlV^s&g(p-3FX|p3xzRN>pQ4{{Q~^0JH4tz`uuw2Y%>V+zgz4)ha$Xf*RZHBQI$C^nZW*iLG%s!w($8o6oK;MvXInt>6F7B=Rkz^Atu+~cjPkN zO^Dcewkgkb7U9Et1kWqffLNZp#KmOL=gLw96!QrR3hWD^^$fyGb_A=X<>3Eqmh$7- zdgx)kT$>wbb3*P%edCeWFHEwF{BPTT<0LfFj_bsSN6Boxb~nmqs#mJvM!I14tZUPjs>C{)pA3=b znl*5Ls#ZCO)2fF9)lfnbU36y_TV^7{zHc-VL3$!JHxvuopP|kVQ|T7Tf^#qsn?4h* zO@e#=ATpXUafE(xKvj+67@H0on;Y3hpf9#c`+K8J{BrlVc#cToJKWd6hK5bpFuqHn z$@J7zzHUS}@(j z^~UqAw>)e26~nDvfg-0ulO~|&bN<6R<32d&CzL(+NG*6MjOe_~j~{Hg(^0P76%z>S zx;P;xIB-Ig*lmsz<(jpdoOs?E6Fu&K)Mq?RIzRckysetYA0lLB%bYe1vqhmkV|n8T z@ayV*w51GV9loAk_X@usCwpi9HT-Ev#LaN3LVa1j`mlwd;|m5o3~nzo-y)?V`M09U zj@ct)8E%=LLB-oqO)T3KvIey%I7G@0IdI^-H6Du|r{{9|7l*ZolEa|_yWvu^MR-LR^9M#Rt(OfbUdjxO*qzVecH0|z@mHDOj~fL%C>JA`OTVKJK~FE zFCCe4YN(2bpa_r06h`JM{FYsoK~b7eTEMjRTm;V7QL~V!<<0gu~eNP zWFZ4i(+Q_NH&t=#SLn^MDivbRyq=POUXrw!N|yRhlY+eVIMwTs)kHZm$f9f75qtPM zu9Dk6*|0`h%K)lJx+;xt1T$JvD#?N++|shCNJKJxjmLXi8a}sq^u?*$8!6X@Yp~UQ z)-!vVNJLMW)qe8Wd@RA8#!TN&O%ZjUd6v1*?O&KSgV!Sea^ys4E_ zEI20CEo9r zye{LPnpn9=ixzLlbZ_ON0r@`9lJ>-{`e$i(wc1r*fwel|+eo^m2-?l7BjV!;2taEuLhruing94`$-sX+CMn)#O2clS7|t( znpt0&w~JUtYr-`r9OrXUDY7CSB?9D%4(|!ux#oux7i94(xkCm--p!X&;b-1e{vC5I z{7!_RXxkq)oNAKv$Pq*CFbr}eSx+Y!6!arOyUQjZ&yk4`%CAh&@=y3KFfU>Qk#vmj zRIt$UnEfq0tWTragu3(ttCmAiYS;1sbWd3#WHkkQ9(?~RxGvtG3dZGe|LSg3C(HSx zS#5EJg5>rp5qB^(rst0_rlQI)jYgtsZ*?(zTeT2JivZS1#6svltX4POXEHhbXvQb+ z<0`VlC)6?Yzt}gWZR4YtkD;N`cm#ugXrq<Tu#Mv=2Snv1Daed> z6S?qlnS!y_lQ~c*w;TVxSBCre8A8NIlQdRjfu+&cEYaD$IBl{Yit27qX@PM7mH9pW 
z^IhwpgM0suFk$y|oqQRE+Bb7P994@&IYH*%(tHwG18Zt!;cnsjl%KKrksct?R-yCj zzftP(hb*9Lp_Y8ttvK<+@&zmZu6Z$RS+tDcVblBgy6;KUm2acHDzQqw(s1UQ4WSSU z;D|B0#luNU;#Mn>f1&hO)}abbFIUjXY%dtuDhxffGaJHkCW={B?ECT+rLs>wq5eLo zNBMh!in(pt^{p5%K1!yieyW?o?Wf^!KBj^nmcGK-aoE?Q7{$ zXMv`3uNv9ZI&plp`FCe~<`(2=K50cW-Ev(apsovOUtlwPb6gr>*Ao2eRbagr3klh9 ze0u8>>l*+g#b~ui)jCd#fnlj5uLX&Wln?Xhg_i>J7P|PG9AXDecKrVz7aq^gek{=dSA_TVDARQT#SK2= zrlkP_gH6cPUTHw(n2M()&W>A!Sg0phNF`{!YT3PZk?nErci*?{ShC?2T?~8+g&C`0 zuy>W+kLCT;cMSO==*^MIGbI>OyT!~d2<3_B1xh@DRLe}mBT`4@%cd`R-~CyVX3=!I zx*m2ckzbA3c|`9EvtgfKe=H81IdkNjc-VlhvIQ`Pjf=z!l6qQ;mZ%krq@d{*e4)Ki z=!FVoG<07HTu4#CZxd^n0;77x`Jh%X%$<@@A$ufPvh$Iq=fKWhS!UQ6cg*n)PUkNi z#i|^-nF%GKi7zdeo=w*45WkXl(xQ|M$oxcD$ZI zF6*w8{3mlWg*zHl3hV9eUK57Fb7>pL0*nPX;`TVqe7~t3e#VYskOG>ajW!Jga&ur? zJmmMZOmW{F9J25$J-j?~dHU)wPM+^yERlcAWup(ayyonAS-4%n@4F^A1Za(04#8#n z-fC=7X7XoE?BWrogS<$#s}KCsI)e$=T}#+=Cfyv=S4-)tvvfMun_Nrs7?%W@TChm; zkC9@2GrzpIHWT6TeczPV+={A?-}OANsRRE_A4xY1k;Xdgsg_jXuoIf*VHvQX^1xH& zICd(+eLfq^t0DHMQU!3O%|RsjdhSLhdmcnUv?-}1;#+_Tc)uLDHYXVax=cqvX9%N= ziWzB^!Utdewh`0Kp<1KC50`{xWf_DShY>b5!-x6f^{Z_!-m)O+xdXY13{ogb12c00R`0sf-$%xr`#Wf+ruB8HW~|g*w-FJ#{{AWi2gkMQz(3ruG(| z8mbOoWxmG*g5)3=wK6O|sd{Hayj%DN2dXvS76-41&Z4 zXtwJK5v;xE)11B2^2;snYVSbr;0iDl+cTw%-0ywnBXs>iAJ-=Z_i1T&Wvm3730@?F zIMt~=C`pf3>&Ud@DHVdZ10l7V<+F>ci!#8w%LoiWHX&2SFW&E>AP1|S7U5_48sWbr z#BXq3PjlY#a;+lgpSuK}G^H*%Wa%SIMFMBS(Mh1t5piZ@m&L_kTjh_N!_vvk1K%kI z!y^zHR?UPGoUIO}=m*6;KE+vMfv>r<4Syz2R!@RKUDbl;_021%p54NI1Dj#^ z^EY@ic(py;#M7t4Vv&tRu(uooB+NrwO(N*9LP_v>Etdxe)*U|#If@8!kr3niP|qMZ z>JE!W~v|La};E2XoaYAB|v6cNqd(MVuV}9_EQ*nwh;Jk@%xAyv^54q3J zX}O1wgj0a1GdtACsx5SVhO#Rxf*S&W)7PuKtqb&SCou`i0GZ%)F}$#FSaC#}_vxi@ zD4e6CiqSKE=fibZ&(MdLDRbxZ_u^GP_n1J~J8yL;mRk@AG{ZCwyk|qCAT?Bf{(!t< z2&sff#prTjNk&X{WMPDYyZ4@X(Tp^+S+e6hiM5(^{vyuCSj zwg_axe1Y(3gxNHpf}1o6iHQYty57-|bDb3JN+z8^l0n+`N^A}o+Q7t331+2}!EF8$xrU-_V2Ooi0PhX4zaGkmFT@`hsbT1`QS)S)(=f-v z(@5aL?|9^>-4=+qIZa6q+lG@y;i#!IV4;k%Q1Z9VLQb{A#knqnAX7HK<6q)UgnG`W 
zOaLxN;@B>U0CLy8D*DIK#N+s$gEUlA5Zm7kS>gAjS?Z~teDXXVt7wBHDCKMRCzZSr z>|y%tjImMSn7|djqFplTUY}t&G*ny?jzej+tv~ifVv1st$WTgtBXn4I6eu`OH%;1< z^WdlfDjTfIAf+PKWrPcw`B~`ISKI{tyG&9sNFx?c)qKqCaIQ%i);1 z89{lybx>FVX=bBCF#CzcXSRJe(_uB!O0n528-E=)my~5rUs#~F>7!xRyZRd_=r(COoHmUqWGj@(mYEHINVj;z|C`N z`dDs1NDqU0yB&Z;W3gMX+xbxIc?c<+833t5PL(Qb-1;pCO4!4-+tm1#BNGs{JI zP@Q2S{=ShvRPlX?>%lN2y(01ex6z|5+Xum7K0UN*xvoB~y8PazX6*`%Q$%r0v)PKm2JH@2ZubB>GMOUuI;&1+%v^|4mZ1b+-C$`HybFmZC zs}VVti;8a9Rq%bEGI<5mNj3 zTqxKOr$vwl#1bJ~Qru-A3^rt7XA33n~>n@`$%azHaC0|6!_ zXicx6fB{|+=(`J^lGG7=Lr12|Iq5a<)wW4ZBOn|P*gXO^GM_CmI8IH^ldNxvEjd37 zvXM^@)RE6hI5kNR@TT>lVya`Lg%GRk%O~t&H{~WX=d$KQ@9u<~+gBxgIT$+8Stk!Q zR4*04HQnX~odkjN)DI znh0E~5xY+W^{ZnIdR%k*N|dL7*Dc@<)ccw91G*%}Y^IANeV^s_2}xI>wpY6c&deZy zKEl_ni6t|~F5z?nz9|Uy`%X`dVJw1mCcfaZQN{x=gRrl-b9G2{T%(raiw^1qIVTb% zuJOXGES@Q(Ry>sQyM@J(9Sx}K_4b!2Z74Oz4;93|* z*3uJTgN3%ZYNr6rY{?E`O}4lx_CVOO1-LGS2>4&T zKdvk1W-*}kv*y}+s}ByUIKfABlHahqER>+RaDCq2YU8UBWS?|Vx1=yXKK*nua6YAc zn9qA@L_;+}$;_4-N!wAKkfl?0`_V_Hv{#a}^1CEi&GV%-H*@WMNH-nR;&P!Zy8fpK z_2H?i3%#1JcIBg=L-7`O<&>pJNwp-D5l0Vi9Ckq7xIOi3)_cJF`vxU&b&lfIg$mSA zu}lD9jpn1^ilY*nVtqQp)0J+ zglSz3H@AIA)#&1#Y2`16ie9gpy&e=Glcst-lhu`Hy%|_LNd<%4pG+D6efj#TAAb=% z4U@wezU{la5-xPTXfZ8yJ4;f65SF@%u+0MgeT8fs70=I@b7ksGv6;(A)ju$bT;6Ts_ z8q1UZ%@{#FqJ<43$#D%$8SzfhXA2)J9`3{3a^ODD6P^~_m;_NlaDiBaa^=eEsY2pp z_LHpZ(}=7Mfs0?~!tRe~ZalXjmhY}$KukG6S{;V7_sGNc(lN$SoC+RIL^FT|?z6HK z&~NnPvEUPjK)?8OK}1`Mek61}@}E;Y)~{c^{@xge0#*81MG7$b&maeP_nuD3+RDnt zHNc-Z3DC!SPMv;knDt}EJ7Rwf#qDTyAuG~HJy_itJS|?B?Ig+A*y)Dnl^o-=-(gW# zIkpjHh-;!KQ?dcXacxv#048V)|3v7Bf-t3+0c~VDq*@x@b0k zA%SW_HJ`7m{QT7;0RN+g8UL@PV{eBR6+VF#zPQjsD{N_$*u6kZ@{U0F?wZ_G_(iZe zw`_P^3nG#s!+M)Q@dQ_}V?r^CJKSS2=8eksoK1R|!#$VU>KQMW%h}Z>sm?z8>zkg} zFGYd7Kv${U?=UEm*eJ%Mrd_^h#>Y{x1b!_d4faz~-@Bk~X-uMezGmpRm*|wBYN32& z<_w*wW92fLGRmOuOP>#NK`u~Vu^~4 z&0{L6$Wf$EYWys>E>Ga$_zcrlE=)JPW7Pt2giMX~um$ zi77+H55`6nF3g`nLM={OILyfRVfL+`4(*a(m=&J+Ma~J!V)Wb74droTW6#RhrzkfF zx}|K*IGhdRoW`^Tk`!2&w27+kLkrGKeUG#~9*MhEENSgT2-eaWiQB^4`Z=D(%T)iU 
zWZQq_zY;h=N_UN_%=d1#S71!T>He0;$|argSq$ZWod1GYn26eMb@vSqC`IamLl z4SpicES{9(DDgF=uHr80KfY*;7Gherw3Td7I<=yRNq2OTm?5Ua}7#WY{zGYsl z_5I@lX^-U_0x4+s9C12TR{7f+9TFj-u-G^l=GyXlk&jZEDc-HJ`syFE+-+eQDdhwJQ20j)oHpiy7bqavIYs zkx*;1tD>^;GpL)9phw>@cRuu*tG@-61sNylO@rJY8J|EMnRmHOg}D2`k>_;>-%XX` z_;nBauSSWx_jTa>k?Bde{y7v_j!)5=FJdER&@XjPDwinLK61x~GQ-=W$QnKt56n&D zx;RQr*#ptMO{kvl%KLLe$WYM6-nQ1Z20=RVKTM7SQ}lIbKkWokf>b}ut1-Lh%#kGj z#{aNgaUb|$5cu@Jn_cwu>YeF_wbOg8tJ^H(WElX4y8=624k;vV-YWr{djMi$4m71`j04g? ze2fcPm0%YX2skJ%JL{Fb$Mhk8ZjZrwY*;z$g0w9&ZI?JTD;>~^Ip5)Y1;7~0YRV}U z8d_obQ43mdOp8ft&n4y9YL|`oe+LX@S>7Cc4K{E)T>;}d;QZ>`_7b#|H~~(|stRc+ zRn8@rRy2}{NtiI;PUpWWB5~kgGV`63(=$-Dh^!nmCH1Z^cDWp(qj+T}+%coTDZoSw zCr@(+O^8d_U;69M?Y{N2GyVJoTs^^m19~8|kUg(CGYDvm@A8>jYD`(ed$DASYAm-! z{~?CS3;x9;I#I-*M)Hg1kCD7!VUb$uTN9A>yKH}yMWsv4+P<_$A?qC{G0_*qV%;^Fn+wP({3=*hYN2?51u`_ac9;lhmu!S73+mwtFD7S?ak_`3BifWcCNzG4}k z%+DgQ4vQ$8E};JT(dk@G*~Ix(+uX9c^w(V&wfZWx8(h=#cLb6?taWxg=IcxC5m!Si zl0veKylm9?uagO?UvUw}zY@uRS24ATVUVc%KwyhsPwAb@Y6O`XnCZZ%D0R%I12coiw(rR#Lz57<+4^(8FHC{f!W%3B#^0B7VLl z$B)$``Ae<@O;pJ3piJBv=XIpcTK)e>&^K-146EN zH7}U@#pEZ_8+sMaj!be@PCtjxR&ep*jkV zzb$;D2VD@>iX)1}G-CCS);3$Zl*BPF*>R4%YXa|d&{S56ygt0Jve86VFQO_85oxQ3tcwE@b?iWXAhpa zAoxH~k`+>j^#Lw^l8F$%O58n84-FU+NhF)~dRzEGO#S;nJRqxo;Wpvf;)R;)AP5JW!?(Cc#$v|CO#_rl`_8aDO%ReU9=Gn zn>{A7bsXHA))!m4`pIe>U8Qnqjz>=58qr{_Oivz!$i>b0GT&L}Ywhj+FzQ*#bn{H# z6?gw-bivQ$njw^F#ZrD3cF(x+tw{gHtMYwo_Z7q~mSdAc>b!X7_;)(RxEj~B-brxA z529TUY+hVAya_KS$tA6M4a}WO99S5x*&TF#f8dpyC1t)Gw$9!u2XcWnB#uTG3E*zqo0HnY{*jttsQcNBs44vLSxcm_)BSv|ahW2A|w zvnaGEl44!2L!Nl#Uw=avAFl=rjl3jmXArjY+v7=5VS%3(8{6`Y{<<78=$h?++T|Jr zI?ez$bAP<|tt-t-;PHv)3aFy{S_?5=mDzUIffsBY5=lTn&O}d^X$ha~C2>Q`ytk5J z8Uu==MfLW9ZId2iz-C7HZx&EV!@>ew*;Ch-hksu7COV|T>${vyE{r@IuHNrEmpcvb z(xSp{BjiZ3-q510AWUDtsNAgI&#ykEfoi^qv^)Jd{d6iR5Lxtj`D~=wmHyC2_#sMY95JjsDLjEl8WrXSGI< z)Iv`9+!iunCy6Io*QaA4>y7H&zL9wmiVAs&;W@m1{vib&!&2$u?$FX4c_X6!E&$Vz zr7CJS$xUz?hpW8~6ggO|m9)hO^nqV{vN!!`AoHRi_dTE?r7`psIGBb?AWO6+IkIi1 
zdiA$U&(Y}9$_&LQbFW*nlrW9=N|Y`^w`ZYHoo)`bDd2sS<*U5uLF}VBJS%zP>f-@& z?o-lgayO}@9Gas zY=1WQ)~jmwV!1+O3AN#o%P4~K$aRO)_FS^tmp#s<&0X4zv)`)H5b>rLzd@XR)q%71 z?tx%r=e=CQiqWl8SudPIcD|en3{8p*KK;`TFGRY5(T`*PkqnkR!RF)%y(pg0_Tgz` zUw>M-g%$r|HBh=y&~?c3S6@tQpjrEZp^`#6VK#13nvF!5>`9YJo$bJXSEj-PZ5G)? z80BYeR2Uz}mZ$2^wZ4iVsiFuggKzmQ{1do1I=t(vXLX0MudTcep-u^yCnAwCnR459 zg9)ijHENjpz3FWs)qCPny?L!glN+PZCHS0GD2r-h8+neVi zPNfF*tKU(&w+kdu{#J!HT~|d#S+;-r=rdD+o|TRk;S6mgfWDw>``}*+m?}3UBu+Gu<>)ZM1&WTZ?)@9`v;v_;MD|^U>Gl$kR-H0Hj5IfadMn|pI;RhA-s?kc8n4G>?kyeZTEmSf*Rf|rdJmE%3mwQ)sg zJUYQu!zEEK)lQv;he2r4abRHv6A2+2kBF^Lm0}h8v5x4(4vorc)J_p%JeyE@9AYMH zv3C5f>2=Y(ovY>s&GdL2SYZ_X#D;yD2J05QVaMEQm#&J(Nx5wpr}?R^zoBTgwZB2^ zQ%e$hz!`;mvV@;MzWtaut~DifYZR4maiM?Zo6!1Zvy4^7X$D6i89hGDZi-x%D(!aM z`Ox6h=B9ngxoJuteiA?Z4Z@9C9p;1O7ID$kK*z{4?Q6s-x`P_w`*XS3_C+=gA?2NJhI*ldQGURJrJ;Cb$^XgPfR6 zp6r$qo|W1S!{M-q1F7nv;AD6R#;p;IQ_K~n=E{0`+M{a41;`a|vRJ+vZf2kh7u$6CPT>8yS5fW%)RI?;mF90Coq5GW~(?-dQm5qE4hGp5B z{E88S6-)SeFDEDBtd9jG0okB#F zxRhbzf1*eb1~YV6qHtpRJ0#Errq|IcE5|n4F(E4cfGDIqkhF zOb<;Kry-q-N-g>(;fI&ORoX33G@lphxN57BB2#e+EDW;7z;ZZzo%s#CeyOnl*#E8# zf^_A*aNc_^J-%?I*o|Aag~f>%KurwH{LQfR(>_q){4U*0-kn5j^rW&#FeX%$uLdPF zs8SYcQw1SS1g;nX{FRT*b9q$dh>AoXFODbA`3MPWps)x`)u za>>CGptssqo?Kz8XlTdD?T$ZV2{g2{s0#sGD;w)T4b89U-b}@~qvwDzM3tJ-loo4y zKAh6ouP;Rv^8~&!wMk-mt40{G&oKX^PPR4&bi>8yDJi?aH&l?qj~!s+eZy}BQq$6K z0~pAAHNN(+JlF6dx0(h*S=I5JS{79_*+Jl)+lj_f45#qcOPxbngmXXa02w%O0Mgbjlb(X)!2`=Czwy;8g28v z{QScxR~$*Rlt!x5?1gL+(7iOfNLNgtF&8fimL~SxhhF-s56E(oP)==(-B_C-98(M9 ztRL1ML5r_I3^39@SFi=72E|rh{SZdQQt>JEZ1aa1?wY?9b*+evfUZNt!|j>p&sC4P z)(H1dM02mW2I?vN|FNW(U(aM+L6Z;%mXkj>K%i*Yr83G}N7ns9Nzt=0tWUz-rqhoD zz-S1l=xNyjnhHw>0o0>WP3`+%o?Sn+-mWH}X`8Nri+%Ch@-_FA)n^bJ{T=AaWDjV| zX$%BfkbY}80V!L0UESaEX-lqhtKhY6z*=^nw{H#6#T~Pa(Z_Gmws6x(y=!geDBp6W z-}QHHtpZ+i`|^l^mL8tJ$3PRcK5hZ;Ay{;C+;(AYX*Weg$Cja*(6$fNb278a`SEzM z_=!u#t+&rgm|QfFdbFb-br2?>vvGIj7-F3ehRrxf zS9jgAhP)(>B+G#BsHPaE<<#f`@-oc$qja^dGi{yhwGz zFNezbb5C&vK&7I=wf2a}f 
z^u=MwCYQM>2RQ%r4)XdJ4Rap~I}C;d&)Xf!XmswrD!g+=S4FH{{zF;eq?{~$08{5% zp87vxbwB>r)6mcc=qk5|RiwRQ!Ne&>g2o#WfEtgBq#|y}mG&m+&S7BkaU37_`jurVQ2!`uKn>= zS6uUJ?k2=99Y9Cpz5$jJo42dDYf9bE-(N1Kt)_`fx==9Ct`zEOo@Cq_!UiV!J(cWdM&Wf=*CGn*m zrSH|tu=pTx>y|ShK(vQ&zvH`k8XW%p%c&Qqg6T%}UWC_h&T zbZN+~q8y8d;gJmSqjbxI$|~e1n6#Lf90-oQ{m~U#&h=KYE8VuSY~h3t*zf*zbz2`o zxUcx9Qj(LoyWw0&j_@<+!w`waUu5FK7|}U0YF}gvd{(K@wO7yhfjm)>hk_%6?X&@e ziY=D_%NVOp=1SxhMR`tM)St_aFNPjPU8i@HbT!0BHCXANuwc^x+3;$%>tNHBJkM&M z$P2v`5CkEvjDg{g%x_rtokbmA71VNTo|G2C8H8dYzInN}hog2bobS`T>914%tYHJ8 zdo&LkwML6hcbw~wWg{(J{(@)xQ^ugz3!bAIqkib0V8ngba7`Epl+dDNb~bC)OoUT+ z*#zu{4pz`97BoKvW~==~sYdk{JC3LNM6c_l>YTfA=T~pXm&eKRr!Z;h5{E5=3?Ycu zSkCw%%!X<|O)>pgySKZ?qg==HRNvfv-DF)ncB(@K(%Z^4={BskcMs@kXlI4#4n7&) zw*^^x%mx9&VB6#zBGQIrY|$#0KBP&`CRlRBh6U}Z{`~uSW+8K6c|?;yvBrC2AxTyd z<6=ocS}K@8x-4zSrYStZ04{vMVNz(eM-&U3*5?p{2|;c3J9w*WTB6<1E;j^xW!SV; zKWla0G8BT(dLWm5et&?Do}P}ne|0_<>UC`UtMOZ(o z@nbDgrfiZqk;%Tf8?m)(C7LN}8W$g2p}@$P$Y?T*EmF$JRg+&!?s&jL3gcYgI!%mLhO*j38!}{$Hf(;7qet>@1mh%jf{HS$ zADgSsME1>Ka8`NI)7oF@{$RNV9eqa^MNBZRP1vncgcc!qRTh^+j1aS-0Ll?U>zlKn zQZCdWQ_7(ZFQ_X+a+VtA#|Ql<#+$Qk;5Zd!**5sJUM>mDUF-w7&XB4fQOdBq`#rNP zvm^#`9y~|zEY{Fg){@^|I>2>Ygl`L(;=iMgOV>h{SyjtaWLqwccv)w3kaB(q-JgL* zotJgPe^3=GH%evZbt?OtI;40qt=XV)I4#I!9_P?7_MM@r_N9(OU+sq3-wNA^zdT&y z(<)mlV#BHv+`2}bDSybFt3G}=KT2RtG|EAIOX1A$sb|S9v~)Ee%tSJ$Jg;S*m_who z-2FoHeNAvwJ#`C_8heMPGo!x+>F!4`MMTb;@&1?wnYbRAX6Y0P)*Z1%L8OMsQiT-L zc*v9~26H|tKB@YD#ERLikpyV_?xOz#=ji%7^MZ|@i!C0>sZY6(*2CAS9gVxJ6XZ6& zTgDj86~(JdVw(h&Nk$WQvDSWO)R?3VU?nX1H2LetM bq;CGl2&loG)PZF><8S@G z!ELd{jEEr)<`W39g6pn~72)N0N`K614<+9<@47_Zcb0Y5!r z#K$xgN)g0dOY6%1u)nC9#U)hXM6b}!>YL9~MnQD0M?fvD_!u5|wG^c9N zli1F#q(+Z#b`v!lEERu#lCAB!l-?7oi{c-mCLrZ53yu@r;ip@k+?2$=)lT>@Eh^M` zik58$=JV!sa1iSb9d0ja*<#|@g{Sn_s?@najJ*NpD#LzDdX#ob1D4~UUwY@DM|7{Q z+xO{hlRL@MjFuCv+heR5qw9=NC(QFL&5ANd)75ZO(}{b9t}}A<6hEA zhMa``sm7$)xkd)ZXBXoGAU|*s42C{yXU(ufDX)3jo(!*&gm2ccGeQ4|a%|oQ?pg4n z1E&@`;Xn7T!~?^$u-eH;bLE6vCNQ)5F6_Te7{j#}SI5-VDqOCYcA8>R!k$jYSpKe@ 
zY>UDv&lN`%Oh?u^)PZ?eeu}bMS!7# zuf_7G$N%fk4fhFY3@o*9a)@;u@j! zUZFNV(^ZwuV&R2=uOC+a)HM`+5|~C!`GF+q4-=d?{#_9)n0ugJ@-S^~<>W#lcMoHd*{2Ke9}NC72Es_Y zJ)S=|!@Jub#}44v-pW({FvD>^9ZL6#v!Q=UPi0_bKDy@Y)ScX8^n_zE+W%tAoz1Z7 zrJ30__=$@t^&~woyTA!=HD++{63#6&-<2=Tf?bo#gMxi{~ov&)1-}pItd3ic|`gypy`9RuGI%39i z-S4F(E~1mY+IDI%JNm`o?VE(DfVX33a!>OpD!6~o#%gV_1 zr-z!doq&|-FB_6 z)D(uFzd3w7-mvZ~k*;nd=&AJ)@e!lx5XR7+LP{oYpJ)nAcVMHlu0QT9q?}H%shT<3*sF}Ff71F*>wIYE|;L($8u*uX;0Zk zf;#_gy|IHE&;8lXy}tmWLJ|{pG~AXEg#@7o$$47vq*aLdncT;c6L2&4)Df1}_B(ouI7pHZ>RQJjbnhr>%^ne6=p zL{`xSeH~#@nb~+{-zD}~!oyNZzbN>{#je)US8Hk3!19I3J8OS6yH9&gk>)np*Uv>f z6mx$n-*aatNRZCctumuKpNc1K=^^PCEtSRfKGiqkl$VI>TuChu>kN} z9p7u<@_+;PBPLwHLUeQ93WaQ**n6@GXHf6^`=!FmNp=*q!#gS*bSIC=ej2QMKx}I$ zj6fE%1oX0+#JeTd#1t(yKni`x#%OO*a-6~<6#t^&N{4NQ`ArAP{+3TLE(OiVfDG5b zi;6X~o14Fmx|jD@?bJ~|2&vX^K=tqL$7q;V;RTLN25vIF5mU@AY!v92D#ZM_j4}IY zytqQ1k4Qwwq!?keA$t76jFxRvI7EQ=^UL}E%IaJ+@sSNAsGw>a1}dhHyJwS*pDGXzw=CS$k%TQOB>TwmUmSTE7m6uk9EH$9ijP3v7#x`rSrOCW_(OioI zYxB*{SG0{*-Ax23A}`6ku$S}Rj3=FsZYxwjt)7vP}wH9Hv&%bl*x!+!QW@k^kXM0y) z&KGiB0VaDq1S!KV$l?9%a~_@Tp#F;mAFwI3LU#e6y>xC)zJrKQ22qS91fqN}<+J*u zsQvKZ_dU3ADAS~>9xdGyOH> zI@>Osz$uPiu1xds#kjNPDYobPQ7{O21-+v^2UGve{YdVa!1#%31%fRS8VtLOEM@EymR800Fa(9@-$DDf=?x1}AFI3CL3_4S zz!Y;NG$(EM%sg>yBvBu}yuR7e zdKpHmy^8*1jwVIG6iK{mfC{*)^#GVIZUG1u0*hG(-R@#+fbKr%%Fs?J89+erA_RBG z+~4dya@ouG({Ev+?WA8QW)n%`IK^1t&3%Mn?}K(z3(1%eBuV%v zCJDOodp${D8x&bNn76TuNWqhtB8|hP6by-ZS@5qq41VL|I!gLllxjOh{}V;uhr%ai z6Fka~HN08=Ge|oK?oeg+=Q2n9XFBzFKQu(_mXSb?%HuukZQ{ugxa6*xr=Nu{Y3wIP z))Wq7E3J+CXN|@3*xBxq(jnVA@iyxJ z((zfIxEw7-clmhEe12S%%`y2+e{%ZDII{Gl@3IqVoM$_S@>bP_-=MfL@l-*=v|k=A zqOp7`#pM*eN;92hIIC<=d}1TzmpUFV^&7n$S*(val#sHcw2zKdPwNj_1VMffET&18 zNDhG-ya1-UG$l_{8XirWKQ6lTIU1rF8!3_KzDX-XH{tvD0m_2R`%uxGyRU2&V7a-7 zTaY+;ws^weg7DdkUG-0(wcf3!I}WgxE*}SQJ(2j+2y&nWhfSPft)mDDSnQ$7kbcp+ zd$7LXKC0Az*-Tl*An_!TpJ?1r!Sd6S(rC6nIhpN`0a)McHh1Yw30C?5ulDx9+ZQ|Y z>h2xDg)$vbCc4X5G%(ADXwgrZoTJjYI-Cf~G!u+9_J=RZm*#u$vA6g8!*hQhW4GO5 
zP*plMAI$2K_YnH72+{vdX_x$&9R9b1tGkUYRr?^_XjNU%6E2GUOcE z9Y=gT<+v&y9~asAt49Fds+t~m#mu3nU4sG_&m31w@Sz2^BvSOAFFJ9DuWNT*W-9C= z$b?fmEVdaDNuPG3m9J=mBgi4H2*nNVu?XWv>F=C%YN*{khsxR+H;41t)g_76KFjNy zj%SiQ-(7%UD{Dz-XR>at4Aa>CAgZ$XP|9*cHX??;k_k%x=C z=W0w%qB;k*PD$Fw7LjaS9y+9CxEC?54b(eM86O;KZ(`ENsD&Yh&55c)B*|eHbzAc| zTNDEd&f3)0DoLJ$@=WQXhnlWCI)1ND1~hC5oTO0~a@a9?1A067Z@CL4 zKT8yvKV&{-ItEX)eP5ap(B-1WmP6WRmHv}PF^Nmkx}#EiGKU|qnV-|0!(3v=UT$W& z`abpM6)Qhynfd_CA#_tWW&)QN$xi@Z=lkKi8-wL21W4e1ZbT#7(J#KUK7qpAa=GS+ zf#u?PImXy>;SY)H$vm2oP8^SaqtghDozC6cgF>z-qo46tPC6j5om*OfKH6MMGgL-6 zt)3hn9kn_4q=6V!f7sy0hZ}Gbn27Ra!bKN(fws4Ot9v$*_C=GP9b-)FX(gjItD)k};Pmfu!P4D!X6G$<`ttqo&78p!4h(pZyxA&v zThIRsb~!4BS#O~yp?1g^WZJN%{$HpU6fQc`qDYS6oNg3+!#G_8Z^HVe47z_TW_kJj z_p6!wE4c9B*#J?<39J1XGbb8&dO{m}+vZyt0BOlu86E{B>uS#u?gWs7l%eNU=-smB zh!gX0q5qcO2S9Jyy9|^5L1r{ozL6_y1ozEq?p$9g^qtj)w#O&$fI2&!?-F+5z6%oq zPY4IE1};<`I{-%k)uM-I&rBbzjm~Rr?N$LhLq9Oo8PNW6NG5&*sQ|3+fxm_(Kx4An zI3Q`|ZIIuh0J|WE$3}M9QK#rNru#m6dkofL#>`^jr*58Uy~L_sZHJN1vV`;D1EbTc zC?=PyX@urRE@;5fEhel#7ngljxoo&!>DQP3m*ai(HnBTg0E1fK{Oa8160{UQ0Zz!M z46ZNvuRh8Dkcy6*(Bn+yy(%QOW1}D~Y zvYT}uqUk*0U)-bOh5e|$v#MJS=L87}*HGRX)|9_f?tEv}Xj`_qrQlcj<3aEVH5GQA zUIW@eiu=)seLQz@Jdq$J+RkxJaYBl6Xa*eLZZIYgjq0Ubue-znNb4@s2M$xj0RN6s z_GCZ@Ts^)(ZXpJC^?-q*CpXYNL??tbd=~+;FY@7*+;suUXFj`9w=CaJaN%F z5KV}+R|_$EDnVG=+l$Aw^lMEkq@0CKb72fD7Efz~*&d+t#vT-7hu{tb3n}P;B$^7}MsYOhrg^;!kYeykDTZ# z3gPn0q$=jc4~lvi7Yy4FxDPV91z#7ToSD$&$$KU?%)Qu2Q`9s;wneDk`?oIteSCqF zUI-}rh4ni3EzBBqlwfjX?PIgw;))ffx5K-^;;WnglhDh5zt6Cy70{M#Lj$&pr*_qa zjK{GkAtk!jE{wL{OR){J1hexZ&a54fvrhTwBHgL~Ogzh>Kb4vM7&Me9N|{BEq*X|) zh>c76WVFscs}?rqaOS=K+O%v*(wTqePcjbutzC^tcpI)re73QzceHh=^4C`S z2N%W->^{vO%A>MN{58g?UX8|!uT`QQ8r3&Q7yHS#B}<@{mXErmjofhSzCBJGeg}`i zJADX<1EPX|PILt}@2RqkH5prMbqcOq6WR^8diUzDNoI)9kq$IMOtO#hUU3<(-Wd=|MW+jMnN*Z66TC!;M$<;^sttL~=o|s3!b*<2Dm=`mt!@ft> z_vi2REod;#0fy{E$r~lZun1kNDhvA=w2-uK*S7l1K@E2ad;NcgkFH`BV`3Q%GP_D$ z4Ny*$ym2c?o!9io&%Q8xlWnK+8ND z<9gw}nMWm@7OA1$_CT)1)x`*F5_T|`icA!qt%fEEO&$#XJBp@mDpWj5uhAyJ)vq=2 
z1JkTILr`vMp<;?D{PYb{S7fCf*V^aZKr0RWK zHCL{0UZ^l{epm6`<^A`M!uAShS%cU{K-U|XmKbrGoHwcR6!`SIdOO~jr=Ssour>|I zJZ`sl_6`9~0;TM&m0a|b3Tg^Vjhh-%=^Bc6zjku%;*OLl*LBUmIfHKu;($M_@RmD3 zX0Pq)yEVwIrWVkW)d>TZdta*ry0fUOg_6O-`me#qV+@*CsBZ7FTSJnTBwP2@?Szg{zj_a_`oWR?`R8P-=#z$h zN|X!j1{vnia}?hUBdX+&ohrT{R;A{a@0l5~lgEJ!60+1gE?{@Yz9)O*|iT}S6D*=<;&-%BQ0X{-pYsEW9yzToh_{$onl>#9#9p!f> zQUnP3wgG_>_b>`-7flCSU@`z{0&SE1$V~leWdFiqi+jAL`iK>E_6>ARG zxO5h_@Fg45y0kcH)ZSADS(4MTA25c5)hk7xp1iAnG~{c&IClE}igcTHYg@OyGW5a0 zDl{t9QDQG45J)PpFZ&dUT$O6I%`vj+(P&MNn8v_!E}_|YS`!_AZgcDA(pL-_+Y>3e z@1HuH-q84ofkhbgJ-K1Irg*(`)pq4?^|rgor`T#U%9)iu8Mh}_>vB9a_Qh^C=5c)N zg{5DCx$jyIgAjuki6)=4^_I^W-N5<@>bINhPcL4CKz3sR#|FRzf)9K9Eq=yrK2N-g z@N4|O0I6w>JxHoEvXPSlDR3cypV!CU8Zq3ni9?TYuvT%*C>oIe$jD+K)LD(#1%4`M z9`J_TldyR9XIs>Sg%-68bsAcIA38PeP%yux!~9aT=o7i--RbI#ovTIAaR7VrnZVX0 zupTZsx(z0|P{<;Ir~RDxHNV`(QN`VbClHuBkCY(VYO zpQ4_Rz0!HdF~WSz^8;K)S#k!$YO=py-Mt}>F1*-<+DOg>-74jY_k5~ia2p1?YQ?11 zz1SUjuy+u2G)%?Lk_1hF6}fO5Go9GR2$!k&`NgQyCgjvaw{NV6cd}bLQ7sn>+WhQ? zvQ)GVJM~HRfuvamtbgzb4Vga_=IY`AJ)>e`q1*rp4b@08J2=3N7Ww8#>AG%jy1dA+ zkbL!tZ+avD?vGx4DC_7%K!B$VrmrAK8-J0vzi!NrGc{>4J2f_+&q||7mH{!l(C?aE7um3ed9dE2Fui(@781c9iQZqE-s<^KU(!djA{44N zqnTQxeRlPVbM?8_vArtOUrOf#+wSA6v>9M_9A#SS;ZDD4UVIR3l%w3pUrs3vSR?qT zL^(QTF%cG_ozaZIrAl;i02NN{mzcafV!^ZN(peK@%^1?E8!bf^dv*@MFq1|I7! 
zU1n{;B9ff8s$~$j>q$%3+h?=gUp)`h){_%@C!0DV&6U}79Z&Yir@>(h-mc_@Q#3tj z4z6|QmePdO*1SxqUhKErNPN5H=lSxLR0aJ<4R=%Kk<(oqIH`f+U&cT@(rHunb zkc>xPFs1e~V~tgn>dW2Mg^)%ApnXca()9ertMm3XHt=7yh8#5(6hee>K$MRsUbi+K z+sS_cbpz0kzmVa;I$-(oeQF4BV>lt%0{NcqfMm%T>kF5wH@@{p-8Sc%;Oi%h3^z~j zAa@$pUsRo?)lF8&N7r$Jm`%Gxt#*KWi0{MN!Q<;j_{0IrBaSyx)g(}_c>`>$pFDBC zb;tbd_AP?fMy>G8qjz&Z=WF6J8H^~qp0n0b!R1c0!O8YiKRjt#H<~@EIc{y%n}=lG z1W)MQ>4;HU7sv)!LdQWj=_*ij<{VeoW*pOaS?=%V4`q_#Qq26_EhJQV#wHGr_(Ah1 z))c*EP`GT1{7!57wZ=G>vE_8o9gS@#M%qwvWpk)+JsICrgaT&kL8~#2j$gMdnvS2Y z!Qo#Q+(P0gDZP*2zEi}n=1(me(9V5pB7-zCcGZ7j6X{%3TE#>0?C+>dZd*ElZwm81 z@9{5miNl^8)=^TwnZ0>TQxq-#qLE#3kS;%yC?`!;Mp$+?6O^@gwzeE{;38{n=IA3y zowSzAV0Vqj2}Z+=?$FP&mXZ~@)K(?)amq$MWP{d$-)e5iSKo4tq_ijWz>5c>%ntYm0vk&W{f{gAhYRmls`4hHN&kqGaJsq$!J`Y&36&QwFGpz{dZLKbjsW&yP5PT1>)yS z_W9qAB?DrfH+2nBBh#Yw@QZH6&IAk03hB{fn3n30?6j4_IK#tA1f6@3!C}(5(Bl)= zjlohp$#el3n6?20mUSwM{=q)ySg1j`SN zMXhW{r@T9KA7~!~zCZe3+;-o-D}wIcr#LGN^xyn*J;x7)BZ$A_RuefaI1qg=#X&N{P>R?= zzl0b=R3O`D`qU0Cc9LC`319&V*{S0dS)-2QlkQ3{D@LkgOrL>i6zl5a)5 zy^bxUx-hd`rgdy-VNt@w$qm}(QOL`S@8Ax|giJyJ9hK3K9jo{5F<(kDpdKQuJR%R1 z#rz32^9|Z~qh~{5`DkIwF5pD`gbdkN`s2)X>4aD~eQFx804D2a6BT6O>XYlM>1+4a z*1sm3;bis_X!_f|OaC_n5hi1Bt0XNzx$#jtm)@!o z+(6xp_$=Jz>{7xvxrYZZpYWa(#t{}Pd8v^GsI}DI6wbUA zIQssjM-HBi%06H`1ji+!=0vURuQwPz5hdjjYTj0TQ8 z=aAmFzlEucLUettA6}A!(=xh1O$1tlN4kxje&cQeD1$D(0`%j2-kOG<=e5YnCev)mYKm|tkbD>d44U1tOHVHTLUlvAPBtKeq+@P)IPEpCiYp+3z*x;F{ZEdou#9f+DLwbq8 z3I^L@?FvcfA3=RDc)^YC6OpPGPpY3(SI|pp1k{W;v~~tpcV-=o=n3)=I3*c=#pssU z4OrXTguz3#laf1>194*x-qGg(KZs>hLR;hV@pT3^W`oJu;OOeLP2e7I+;gU>G; z1Nq1bK%?VvROJjj{bLm<{%fmcgJD-+B0O2KopT;w$nu`H-oa6ih%loGpTX? 
z!Jo*h>K+~T(03~>b}AnLw_@&(qm+3l+mc@@pM)TD5JeDZX8jqcrn2e9$Aqbu0-v6+ zEZZ@}Vq!j1rU^%N(6RS+l)pV9B4iC%<)V5=1VT|m6Q8K+{PW&E^h0Cr6O@l!EV*HU zr*OpG^W-nPWAI55bkD70-vIX|xK=&{g3>fh$}pBdKk=3`XM-Od-ROx%=E(nZmV9~J zpt6}S{}Btn%0V2@3U2p&>l#4Om!bq4u;M>`KyuwfjACD(s8LE2em0vdfV7 z%~y+d-~?6X-<3tGo5O+TE)KabO#STL%_DpUK@c6A%+U2xXyrdM z=Kmjqfg-pQ5T~3+`GL5RG`k+6OYGrh*N1OcasM^mRDk%^M*V}z(^$S0Zxk7b9Zf`Wz{hMY6*?iq0& zxf!h`Nl$(?kCfS9Zn(ia^AK?oF_jhvJd`D;7w`O{tHE;_=k}pwA$N_qdoy z6gom;a!1mQ;j64;;=5jVFIFSxo9%vd3Gwst`n(>_-QO&$KI(CPIgY_(WcjYVwAtQY zuemnp_9?k2)+Q!6qs3cS{qJh{=y)bJRyv! zKa=;XkI`4b`0wxtgvOzdr1#+th8ArRbqQAWS$J-q6=lg;1z0qj@v@Q+aLWv$7?gjH z+W#g@ch4r6gfKi0?%g4Q?^l*UA9lT9?ED3};xC?94liYYsq zJ7TCWPO%t`1$cdhm==i3-+1)lu^Q2O#9t3wkhb|QejiDUG5p0v;@t7er*y6x-^s1@ za_y;zjdC)6T;v#9Fin(4FA)vmZC%hsKVfk9=e|L*&L6sw`{Fq{+uVhf zOqDq8i%GjuF=c#u7e)EvFcw7)fq9s)@s5z(3K8F(=}s;e2eI(~rp?3^{FcZ-cK5lL zOFPrJ{&y9DWBdedCK+!Ydk;-rocvdW?78$Oe*8j|r>v->-A{(toC(y!>^&pH=iD== zTEu+>%+`)bQf@Ix{=aDvR2RCDW2{WAZ zY!G6SS#8tqaT@t8-O{InOw3Bw+s1@%WFK z&>)Vm@q|wnj-j(m_*JVP7fq9>?`-72Z#x{(KVvi5Cl9~pR>xHYzaNIJV%*A=R%KNr z_f(G4?UtcBB4@fBN|Ufv;{0wXFBJ9(c1+N)&L)WjLc3tH+u0-VGu4x&j~(-)-u_CLO6IUpgQrm)aJwh5!Y1OmZQMf zwfs;GYLtHf?N$s^pt*Y_sZ=neL9k3I6QA;sr$hp~w5LKdS|b@bv!7H;l#r3X=q+L( zRQue5@7-zsxM_iAYG+=nWVzvZg`Rf-tmad3>Xp%7ddM@6>*%zvPEcN#zO~7-M4p?b z-g6mbAFNG4@U&46S2HHCerp$3I>r! 
z%bA)6hB`w={Gj1v|7IsCYGisVFVo~2T6ZK z{8MOWf%(ilH(Wy&u7*P#n1We_y8F->^8W3sTFJT!u@mzX(^@dKKnsIyIU&w=>-8o` zo)^yF_;Y=nJ3+g|nD#1F9pV_}VF)ir0owu+OGFDx%d#dtMaAWoyk8|V$=wk(Wqo*e zl0Cly%wkb&wS%xp=_$d-8my+9#^o@pG|d6kU>bFb@EsI3g_fSUXX#ugEKTP`!aNpt4sPq((*+TsOCw(WY$SPsScm_41!P=&MaKRKSkIDwX1`3BG z5jw+Z89V89)|#$mP(cgJgtDu58#Xf98z)HRB#@D{>^~*4i0q0JiyrQ)cg-x_uFVzH z{XV}U=X2+rxemQ0T6FWUn zSGV@NQUjR|Qorcn92j%~nQnANOwVOLj<9dcLDR6R1@MXPJr7>9MeOe0*L75aM7=$u z@hJpJM2G7?wPoCwnEeCt{snH?a|oEFc+aBxM`N-)v3q?a*0`snf<8Nb-yZ{#%iYg5YMixZQR54K4@z9Ck@Jf`r2PhsNi8-*N=AEjds2n{P%bp&8WT513 zp9K%~3aa&YZ*P0ZPdvikflb{W5vs%Y?9Zu?UY%WKY;#- z?Re9uNuJ=M)WXP{)TZ}2cY;;)(PD|%Qr?_yU86j730iVFXjUpyqYz2$qLK$^b(|Wk zGabRZ`>Xe6I<$IPAtsYybH!n6NinQ+-1`5~aiFO%r9cg;uXdZ4_ET4}bKdNHUqei8(4}CFq8!})c*m*$xe>| 
diff --git a/assets/universal-crossplane/universal-crossplane-1.5.100101.tgz b/assets/universal-crossplane/universal-crossplane-1.5.100101.tgz deleted file mode 100644 index 41ea014b789524947fd6dbb8c9c65f77bb47be18..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11619 zcmZ9yRZyNy6KD$rm!QENg1fuBOK{iV?(XjH1cC&I;1JwBxbx!fuJ5z+{pZxa*mK=g zb1~Ch-K!T#EIby(e+Qt2pf{0GV=L;pB??FgLZS?B_{LaJ&%>zx&)6J-Z6 z$~@hA^Pje!tDT;m*#vG8K}VeUo*{5B2v|4%E6u-E5Ln;J|GIv8dF;3@^ziHvbU-ppa z{G6s|)JPOrAZ2c+8cD6Wj^9vzm3dfWFmU>I^#gQ)+U+7HK^`mVk7A1MS;Rl+!_|bSaFt#qSCfO zk1!jL{$a-z_N~pk1q#iIJiN`Ejyt;3AC6QhWIGOaFc)QK@fqdIcVt&Wgpuf9iOfzx zf}*QvLIEz&C@k!J@?fbw*666L3KFHDL4%ln+?ELk42eS;!| zLvgRCsy#0b{8ZUuy;@89^XU}QwqD`^u?l${zf%JfE=8$?0jW{ncyf-}c-xR{Fy!-> zXjE#<2x=K)fJUaR_dE~wx3~IW8MnxpN2eUa5b|<^_t2ia1W=wo^eCY@1yc zi6m0TsrGWFCkNugG`h+S3Cje%#32#l)A3nOCYE%kZpww{gvDS(^-Qyz-r((Lcr z)=8Az;Y3O=QEJ2G%Nf*0tB_&Gc_Hc(7O9frM0J!k!cd1HwJY?uhLH8na++|YsN>b5 zQ~c(D6AdOk%5z+DMeAMjVJ?5g6%GEiEnEPUO*Vsk-w# z3A55JTg6#_1cmX$s11sLX1U!h7Vmo{N})dvqNX8L5Ixk{;PqKKWysM5;Wj2Yb-4@* zp`ZTzp~W-TAs(wWA7gvkiO8&z_u98!N>Lh$@AEXmyjavxvFX+Q3qx z?80VD!KupJbG{jc=O*K+66MB9%pU!*f_Ic=559!Z{SAF%^ZEATaXoQ;Z81j9=`#{p zn72Ytn$ln1q7~aAMLfd{sXP>Cd*tH&1f3q~Gj2`xSl~aQLgY4ZB~4=}f$=L}u$_Yh zHb{jb;Smoif$R4vG_=@=;|Np)#K?gj5@MqKZhzMo@Z!W(WE`y5+tpDy^~e>7uv-WW z?o%SNc>52To_oPp55o2 zw1SE<5h;i?6D^M3w@Hj}W(g%AFC%3^;{7q2Nj^kvBTTC!WFQ7JIDkH~p-W*g9y{OA zCW_oyrs7H0-|Gy%0$zokcqM1kPyH3}lA@4GaH}4#ABFQ0NeoEMejs-bll-XqYQI$4 zMS6B<%X+Mj={N7)qEFNwa3&C{T$l$u^#DgekdYM>aSUlO_sOnG$W-qiCe(fsXiGv zlOYjy2>i56Nm$vuo&~KvY5HzJGq$UEgVwzYz8`ZoXFZCFAd4pzp&)dUwiq2d|5wjg z-0q(~w-pNUsuPA82yH%=MMW3wBV%}r?wTF{QYJdKF&yo2bv5)h%{eKX6dV4#$UPUi znqN36?!3_@CzU0sZOrsV(Zhg(w?XXy^*Ko;I95P=K1Rs!W^>j~+xP^@UsM47|N{N`gVFc=xXa zU?XYWEa0xfZU#YXMtNDGRjFg4abkbfg{uQ^#!3^SwO+#xgPz$2f3lsj-a;x}c^@i6 ziU(uB)X3g$15q!z>S#cl9;6xkU^o(p2j-U7Z|62Rb!f8(TIZSXfXmB1OQ1EwTyL=+ z{kDS!U44A?>Xhx5??a7dwf|9!1Q@N_SDtzh>P6;Nv^pePBU1nBdzR|bUoN_{?uSeC~{GOT2aF|V>KrO6hC=+Q`MIQC}uuTXw5 
zyiv3mEIFe6vK*?6-Tn_4$GDX89k1O;zaRXy44#X#e&up}>Zx*sy};zY6Ra9Rda*G} zT5RT8Td5s8N;+&+d`=hn7 zv2_P3>uE+A=mJ1lFw|kHpV|%btdU}3nP!UcJ9S1-!3jV1#HStb^c!kT&qH5F z7_m!1BXPvU>QHNQ^;F2Vh2JAr#Jfa1SESf2>MdPnLj@h%mNYFp+Z-=}HU;ZP%^qKx z@9Am`N~S?LdDmYu~jVHFzqCkpg1aywa!`?lf2_c8nUic+~bqe{vzjz z1%JPq=HfT2A{+8;Sbv9uY8q|qW7JJ2?#XqU2c4{I_n;MaHG)<*_Rb7CLZW4j_I$|> zR=@a_LCeDq;)Aq052|ck%~}rq6BOy?f!FD}>vLYeqDh6dAeI((4IUSC*YNMxk!n9v ziug7^yKQ-ne_=br))9ZQ+syjLLhCm{X<(DUVdS+RAwN_m{~g{VF$5ga|D$`hI;Yg) zjsNaSkW04QVhNBZdCyt!0C%?PZ2?cHpShlTY-Qyyfx^MQI)8YCE53XqdAOwO+R!>@ z%C@mt>BQ^WJ=QqrOMytGV*QMLqXs@dzt2P@aN5Qi7Qvt6DjA-fQd`PC^IR=0LC5l` z1lkKJDLI%ei=UwS5^WEU(U2CLnONTYwgR$6EI<{2+l{+b+C|h3`2@}mxNJ}Z`kmb^Hhm3 zgbu2kLxOc1SR@M7XKIU*9Ad9nIz*B-3Log?N2nVizLe9A03IIarj%oFupsTr+s@gK{&YK#C$ z#f^XbE+4uIyUAo&+ugX(1+C)?^~BF3+ddhu;p?mov7-+4KbBXB9NuML?l1Pm>tzIW zYSnazBAC?lzEpoxcGxSdRFY|*pEE=C{Mvlo^Wf~Rb-nZvI0SC&X>4o|PQ#ZXo&qf_QdImToQ9vU$GKp;O|=KVOqjAP^rC7* z0>9^Egkd==w*u(#-SvqEdBNbR3#0h#_F~Oxk`x8&)Riv_yX9nV(DF_r+V#DiMnuc* z`R+*pRv{i-B99!>QV-uq8J?^d#;knhY83*@_Xn-?agl~2nXHh=M_lyXM04YL)|7^n zfp3<)e7N;&WR)$6rXh|n2@5B(0jvh6v+`{}OkPzhD2a?J;3bZ7r%iG9m;Pv8M6)@1 zq*wiV-J=Q(Aof7=umYhnLU|;!g!e7v8!6Hm$>)!Itn-iivVIKzSxd8ESrBW2p%zmD z`MkDotB(6&q%&ZTV^Rn@%=gjEJ>;_Djcr(q+trxifL-1jU{jCVz(O#>ZB9f9N`{9azMm zZff{6pH(kdzuFZv|C%P5t8&XscQ`p~cnpla0#@O@YrTCYHR?u8g!Ka2H5bOlZ$#c+ zjK;vet*t#bfW9)FqQe=Ad?RLhs=Iw_`d!)Lynvq9vEIHn*4X1xHljhmyVgEX8Yimz z9QZx3)ehiXA+kFcUP{5<1>CQ@ZD;Dr$IcQhgjALT$U0mm7JUcuft1#pbompNi)QDl zzW(A(W~bFcInjtZ1f#BU-{ukRrg?8qxq|}Nlgdc$kF(1NLI^!4-XSOO?lq0C43`9Z z77G@_!zIp;J)`Y(3&E6#su$r8~c+aIfI>$3i&2E*C)>vUc0$MvKks7 zlMU8783+yiaCxs21&m$6jTuc%?>(K#qm|^{`d8LjiQ3Se(&{O6wFI3haEC&+7oorut$aM*QbOm_$yrn-Y!+mVV12ejF_?JMY@F$4?nPT_6#*>8e zPc0TcYA|~C_+lknL%O->;i9Lq#Q8#P&0!LP>-e?tyDQWO^}_%abY@mv;np%V=-qct z&$K(hClR-6N0~!=P+VPq&yb~=+{~TTu$=wnAJ&;a?UuCfHstS!QDH#YatXOdKxu90 zTZNjCGJup{c%in?$73joKn@8p$1_WqcRw}UYaofAJqU2WZ8fFR7SPIknR!tBsB?Y$ zjL9?^A81)k9#}iLw-8LZbC#v$A=}BF|^2o&Rpd%-7dwg`((0QY!g0;cFB_A 
zwa7bJOsGFd3UbNGmI6zZ6P?r`E1k??KbMXC@o~TXGT@kW0!DsGM zAx#^j%_AvjoW2dET&&9aVlvt{9bYBZPW+gBNi*n-8DQe&e;T(qbXTedB~FC@VCHZWz?6&zxOoo@O@U<7t&u5F*xW=qT3dxx4I>q|3VwtU-Q9>gSUg!q%yzGH1i z^6=|CHkF{Ha^`1F3gUYch7;XrJkFLaVa)Bgu6Z9d9;iNUFJ2bLd3iPQcJwPvFX);k z1St9T_@z|a;%IX&(|&kgJ(AF`0SpgVc6#rL|2X@{$cJIz9r#XnZVpTmD~$1WFZjZ> zkkzw6IH?bpqLw;5%@cSqSlibUlkKRWO$u!%tg`m*>ZS z;{=Xf%ci@5dP{b5h3e8FYT2Zg4C8xYH>l3Ab0eUTKe=6Ccq>G?ulXhLkq%tw`w_Z{ z0@P8g))iKWYJRFJq?sTheoMHR(rzfG`*WX@u>kYgB6q0VFx|W3!b97QkHP1XaoMfs zyB`_*@}DKNG5nJhV_gyRpo@&uXcU@PTLx;raYOv}=U>j$qeJiHLif@)Xpx-$$Iuu-QYL zLA2jc5`wOc+)%}Mfi!HRMb-EbowUuA@Sc?d_51eC$#el6545EUvT${+Mv4XAOR&+m0qm{)x>c`D*5}I1w0H|>7_fdu;vZb zW}vPE(7J}XeQ_k5{?r5a52-DuV*3K?6%LrOGrpdPn58GB4qc8DE%50_t)G02%5z7# z1Nr9d=2Qqh>r&7y(Xq7+B52if;HAkmK9=TGp9+9D5U&<=98m!SC>YXR4w=u^5#g6Bgv)-EB${nDyi=6qqA16QP ztoS6?8kxf4vkguRTg~+|*H<%KG^!49jiR6W&ELzWKl;u_28RW(s}!IOUHy2ci9Eq1X@ zRxNBH^-mUz#CjXAL=TjK9}tS8{e%hw*%~kN-O1~*5($T6@Y<}*L?P8s#EFszdLJ<~ z&!zyLbO$$z4PM=23fGDp0z|G1&2FYzP(WzCu89R*CWz1{aS4KGkj1chgY6nSUI+%s zvZK&O$_bRN1jkyiOdd92^DoLaiWL9KR1LxFx?Rb&ZT!NjbA2siv%c4rwG=E+3QV74O zA~lp{-48)Z0HgtC{*7vv38X&-zUDp!E~N@Jet<%t4v1TWQ7KjF(3l7hdQfI1`@waR zmBI^Uu8I_D(5*B#1h7`KWV)yJ5s?}YRpUT7Hkhh;6zJ;fbI<`_-E%)0*~%u81L;RJ z1LLY3CCH&)?r>$GWhY?+dLsZk%b1oq3FHsz-?bHm0BYMSbZ{iQ^tK zY;?pL4OBKoidij+4C9$Qb^mqjRPFI7LT3%#VO^w!6FI_qen+Mm=LNt$*j@l%b zu+BrNw_g)RYeZ=oov(fyIAEZ>4&tdLj$MaCa+wVuE`#`ig^e%m=G4A##>nKKG(PT_?}mh zX#mx70aQK#1VEyDsdNv(3`e8`S`5Ia{PC=E=K={A=UaXdda6l;31f=MKo?N%E>w=c z^RGPS5MFBT02bm9|6tNR{f)2>TG)S%~}W$$L_vEPvAj|4e?=b+9lF zbj1K#fsO-!t*ml1Kro$LReMZ-=d)A&49dMxwAlgH$0Ch2TCW(IZvbPJLtv|K7;qJ| zh5;PENL1{D8GD+2{3pZ|l|aIJDAl`nHEV{w2c5(byL>&w83#n&^elpp#>*v=&%%kX zt^EfxP*1|4qP$?oK*##oe^<89NjXp6h5pH0{nc7C#28$^qNdNj5<+mB!>xC8K3k=D zWt(&!6nc;pdhjDu{xPYmwJ?%MpY+-|-KO4azprd1)H6;9-jxDvDa?#siYyN&QUzh4 zDKUp7jIDXBA_1KBt&WINQ<0gm%P+wXi>8fGr|M2h&@G-?nir@Dh{tBORMtX?% zLa9YbhOp1Gg@R-vLUdX*4w@KNqaXdE%@n5lHA+_a##OxHOK1hHDl>O&V$DUB zb@Br!W?4wbMi5w~e*^A6b3F>5$$GZOc(1sF)a2_AeY0L|arH1;HwOeB(FCn@LjWzW 
z7twMqFz6)nCGh)qSD>-L4ONTv=_@R8E*6ksjSe=tS)-Q!NAK$X0COOsbNlB&BJ1|5 zEIYDJxlz9Q}DlaQZMBX3V%8I;xSia9+41zvoGzNuLG@)&Vn@SpSP;fMlkF)bmJ$LPI?Sn$;353EngRaw7H#Cxq?Xt`8kW9KTOl z8fP1GIR7#%%Ko7a7Icyj@O}LhbU)zsn-P!=ygjqxceD!oQ$?xiX|(ZDHsNS`lzRzp zzzcGd#N`LQdwxd>5R3a8Hc*v0vT-sT2S)PkKfxgRX>X7)8|a?^Rg>{=YtV^IAw0PG zx5t;n{zDe2qUah=6tQXD{@GAM@krHlYn;P91^=RrH?ReOT zEPTDk`+Jk+1q~BK5v(%_KXMsHMiTlz1%qZxWaOI3QOL1!yZx;iscuk9pO;`}f&Wz| zNj0dMV+<;4|3Vuw8+S+Z_liR+!U50 z52Dqs9>heUK`xZpc#sKJTSyqL-(WdKOcv^LSSmU~R2D5S0vY+Mis1`!)*;HUX$&NV z5(|z~sAc68`WJQ5WaZlE!XF}Y6bj_zmT0?9VR%|KhvqYcjsB~ICTQ%Z)US|cW<8$} z?YG?X7-?zk{g96NrkOcZKVx!aJR}pNY7kp;m^`FPy);P^*ETJ?gGEDwPNiqsds!pV zHG58=rtoLHbhL4P=Vn+r;cwUO-FIHg`7RzwDjD)l8+~Qtri5n$Qqc@dwh;z?i{9zK zV68VZ0PpC;>gsAK$r1>c{Z$RGKk&cJIxsl0|3FvZbSX=BIh%2}rI{;mW_!wqH255e zG9rIkVcb=DaA@6jp`PgI3+cV&p4S6@Tz8x{>I#F|zQr6pL#u*)hxDtA<>NQtDZ)JP zQ_n`|XrP2${0i+RM((tkrCOoiV@7jZmKA)K^Rwit+spTH_x>U`^9nUFK?&5|&f)+5 zkS3Tp1=sO2OkP1X&Hd@}`aIp^CO@?F#4Oj0jG76g`Q^EBN3a*6_Avmsj2&pyIz*vC zd3C@^NLxnx=VkP*d<46E=^k}TXN#>8G4@iLF`b`Y?-;#`L ziw&#&4%B7tmIFUFLqAdg&%i)WvwwM>hVt-tmCkx1B(`a07ONSxSK{r!9TCKTk#rAl+Apy%zV-z@v=c_JV4fR9+n>WX z3M4*Lv#s4&KYUV04@&f*%D<+~1YppvR8O0p-o;VAI*-SZe?UD<+WW;wZ$(J#{_V-A zk_coKNTSWh5u!_DB)h}xbS7^xz~~xD_mhM3C)=gK*}j3P$U3TwNYZ z*e@CdR$|jqRISWiXvhcx*{krJ``F1Hd8SpQPU>nVUzdfjEnTSH{^Mkl=-pIiESl;w z3xAq#I5+I>?szriuUZ=t!w}Lf8(MacbI5P$mp&ilW7M$SHmA~AhOv=bN<;3xE4~U; z6n*ozOjh|`hV1n_iEoJ+^}_`^h2Y7`C32P-uXYuF(ITDd&R*f=eTOsNJTaeR>QJ(% zF1b1!d>FNgeydPXTTq?RTQfnwTZ!U=l<$5hOUzz_ozzsym1|t9iuus4u@!fCiZWIN zgI|_<&UE@S>{}O;j?=zc19NQdTw#@E#blwk%`h>@GJRgn#^k|FyrpDU2V#cmkJ~r& z3a%y-Crr!c1H`rp;sH0rqq7z!KX+VcBRsruGDq2>_{BS=A(#YxSJ*6C>kOw!k?^gM zy0qg8`x7Gs91B?o&Jt6Ps>5#(V*-Pyx8fLrtv#dZ6+#hBLX|4{c$9~{zofoY^j2%d zYi1zj50Gk$5ikjqy~hkj>YQ8ggI(v3TNY@hcjmQ!EjJynFz_wBeDkk9_01coIOLtj zadF+(z_0q9yS2%?L|&Am(R&%@6t07hPu&SLqS7wX`hK>;X)6EX=YEa}88yHhS*P4R z9`*+BN~EZPfe0GTLMQZYJNu@IuECg>GGsgz`&uCqitk2nXY0%a|4<&;RyweDBvPrO zFg7D^bigyCrD7SCki{S?Xwo@ys$eQco8B4Vx%53!@fg_n|8SOh^6g*SZ>!E6Wq} 
zS~!(p8>2%N0XC@pn&=Nzeuzjz^s08GQ!2 zrsow^uO@Ediz{Zz>L5sthnPCpW`1Ou=SRagcNA!C#P#PjTM5o7`rQh#w94c`rwBZ1 z{cV}|lE1u&Xb6h+Z0<7Q_nZdNXu8F81}29g;=Lvemdpt96<>cLN(=U{ z!9j6P1@lE0X$;Q*@66P$=8`pLiqqGMtIhQM8W3WqXYr-y-j`gZ43}=<8i@hs7c=q; zrO-Llho=I6&R^EEj5_r+Q+I?~hE7yYc*{bVCJD&D2-SIKa2_(VP0j5o6TO&Zzi3uw zo8E<}^}&cc3wVC#`5iOWS5vb>PP2x_7;aKzdh*`$2tLy744YEHb(3t<{R>CmyaJq) z-1{87754QVezZ21z=uEo|4v@QcOp056V)lS*93LJ2#p(*J2Rz`S;HzR?j`>i}2X^Xy>Q9MY+d6;D+*(opTl_&m)B`mR!Q1p{s z@m&?js+ySXKl|>6v|q;H;7{f6dHW=2Zi6G#oz1!g_3Z~6k9<%wlF&mfOD+|~NP|bZ z_)vO^L-vB>)^}Yv58hSC@sZEsjD;mu6$5{Hj^zj;=_o(ZV50nxX&J}6MdP!f!!1A3 z$CKZ`uhh7@==%Q*y7*B4UlDe?@_T?BX@s&w=&|NoT2p4%g@^#RlL^cFwpC(CE2C&ZZuAOB6QLR3(m zA=t@p>*MAb=gxm*HRNtDwv{@wQsnfm>a3@ypZ$UN&iL|pm@mA)Z1G8$7*NylDc>sz zl7py`tzJ1#Xi8?I;|id9KD(tdILZf>^7C|_IObe_BJ<}1Ehze^=^ zQ&VTdS|4^y*^3|QLrt4NX?f9LOw~cOx|~W3iZmuRXJb~^*Ph<7_G-)-(YQs_{WEIO zZO5nH^iav=8qIB^$u!Rn!!JFAy(>n)Y3%G7-qTkd6KVO=1iSH3NVKZ>e+FF8e+FEA z&|ozS$X)y-Z@FhKVRB~eq`-1f(L4WpnZItmqqOH_>SJb(FgSSU>nqJwD|;Wi_xHEEx9`{I=g;r1 zcpe0q!dJ(MQEPa#4=w{n6dvK>h#7OFa{sAtT-*PT3P+H;_f%&XAZ*UjyB;VkEI13> f2MSDJlFn_C&ApeH15p3@)Bu+a93F%fB*gy#$*meZ 
diff --git a/assets/universal-crossplane/universal-crossplane-1.5.200101.tgz b/assets/universal-crossplane/universal-crossplane-1.5.200101.tgz deleted file mode 100644 index e42777679d2c7c3d561a0e4675962c8a589ddeb1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11619 zcmaKyRZyNyw55Rn!QI^d#_&WA&r8=g7|L$UmzHMNU5-zNXc``dGT-9e87=24HlY*w>8x}06J#O*r!TV>ozyqjunE}||COm&H?rmKlBqBm`fAj|Z zeR%Tt+zATY>b~Df#9&5ylf9buOG$W>!-%Ayk0)c_6Z`yI3<}0|{vjR>@)D!t;s?!W zx)BJD&6uLUswG|VU?Za)9pMITYnU=qT(C>t0+-0Fv9g7C08)Y|>(ni2UWDxh{+og& zd+=G$&pqz9)vHSn5AW`teUnQz48#XF613}w^}Lx}$X%=QTJG7KbWdoQ0Lnn^Nw|^A zU~)szb4+GDeCh_Xe3Q!Jns3DzN9Aa2r1lQ99o@_YC^uAiRhs z5jBznP2=uNEGV!fU_z1$&$qJUi(fabD?-_PEJ%Gf`p@ z1u-mx+ZgxB9q0j4>Md*>D~68HeW(~SyGYTIkOW`T};SgBI$CaaJye>x@ZeF1euhS+j=N~0&JRUJY(04wn5KOlq)|IQ2L%_%aL z92^LB4@aYuq82162F32PRuw^#if%jk5`A{X*^||40Tla86ck2S|11PPK5Cb zK2;}pH{F?nE(@6)+dj7%0y%(7^cyIi96#2!yjzMJ``h2{XY@--86#c7}I!O znwCK?Xj>nr+$1r>rimx1m8%GyjZ|>Vbt833r}Hp*-kRz1NeTOP=(h%iaPqGEnMNfb z2>>ymW=g%g#vOEhXY=y${~D~&Auh@G_o(vw*bPYx#d!oN9j*%Bso~Pspt&8!6g3DobMjs9 z!*D-}MM;rb$0D~doZ1rXx#+(4yI34Utg#dLNaOyWh^?u zDek8Je-!T7EA1Q3_`mHg1aTw@PE{zpJ5&4IaxJd?```LVB<}UsD%cm}^mfzC(EpFC&hhr{Q|%FxJ!> zguHe9`3_A+ms|-RxZ@HNW+eDUC`d&|gaY_`y1KqTP945!vh&CAOr>IJzx zzdpZx=5s6C1Q3aaAu-Y&dU?9}drl&Cozeu?ra@1rk1}t-&n*#9BVZ`$&Gs{08Pz0D zJn5LV5S}a)(u*V(CW0ohQh;E%56M0}J?J;%K>&qeBvxM8N0I4^D?BzDsw9z%O-%9^ z7KM>LShn*_(amzWPa`kAz!~uS5bL{U#S@#EFa>kGan;(uI^Zbi?;02#`1P3p6i}1e zq@DH{RFzdbl~`>4eTO9I=M3HkzhC^zZv3B4TEe4JA%1l22=uz(-`1uy9LO0zJr8@M56JpB0V1pcW_>|`Bn&%4}m@- zi~lO4p#KIKwnmy;&8C$NzAk;}xl<`|C~J@0xAEg|(*CING&-^vfk=P^_fG71eA4QO z3C53;lPh9JAwTC5Zn#e0jthBoOtCS1s@tH!ky+(D-r1$Dc+l}t*XtKYgFBDJ^IY^4hd)D;&IYz@&YJaueuU!zplN`!qvLp^SH0MRceMw zGy=AER0{Zftt~d)k4@ziy?8omQ49k3UY=U$0@P$#BfTNOh5Gw=e|`+``R67DaCLtE z^vL<%8{5PR9ILM8V%Fs5)nwS`xRzU_jWr(Hx_--@tAeoqQMp2;VX(-a?jmh85lx>r z3d0!VNEJHNv$oQP-9n)`6IQR$Qw??29SeMYcSvn>cIa5#bX*5Jlo}oZo84RHKx?Y0 z?$W<<+(Cz~IzD=J`nAmGp<1KL?>JH%j8^3%OFIblB9;HcT;t}3vPiX5L$2%#YH0gC 
ze1yvNcTVO8Wn6GTxVT^}^!eB;BYa(j9*EqRR)X1>XUUbqWD8@&Xc+Y8Z_RGh zP`;5o;a@OVGe!EP*_D}k{2nk)@Tg=vUV9K59{e=*pMRy7WwC$it#p9Bz~s6Us2o9j zu{MccYUZ7v(lg;4Z=}_7#nO}XCd4p0YM{cP8a(ZfXPw-Ig?Fg9Mu5ZpbNKVuFdcc| zV7dib8ElG3oVYrMbZj*ZY^3=Pj5x-dSkNjGTo~Gmmi@$4C(!yv*+c zudni~Tm!s`QvhA8*Yqh%=v>p?AkCx6Y67{4Yqys@LU z7A1C{YM z-Orz?d%PsatB<#ErU^3i7kntoLEV;M7|Z>4D5PH9d~Gg^!X^XA7L2-~ZIUUbP1ULe zSccF~I0RxRTDU~+(#Td^tr7u>d7*a`2<(B1dAu5=<3Yb)nF13V)RTL(xoC>BX^^$7 z$QnZjjjr-U+e@1A&TZNFgW3WTvFXGjyG4ZD{hNHQDOTqA*% ztku4%m97U)zbUkfnr~9roa9y$CLz#-IAj#bP9+>6#%(y3uekn2>bq2)HB`b|TR*LGJ)Rsy`QP zPqP(1n5!f))v_n=EpOBR5NuJmz5eg1&(B+TV1-heA-dVCq`*C#zS~0yPa5+FFW~t} zU1K(ue7w&)zt;xm@kHwT!p{x^Z*QN?z*oqeH>7_O30B(k4>dIICED^w4b^@(VNK+e zx_&M``3~_+-)$t!rMJm8dKeU?rN*CRZP(*?ug=}onRM-azFSjd_H5|DviV-*DT4lQ z(GQUqu!n<(g~@+sTg0n~il>vFFK;8n`6ny6#O!&yP18|xn?IPYC+`6i113e{d^EI? zZhi+94L@;2o{0-j1+!u9O*6bTm3AHGF~;TA!cgww512S3=A0?qWOg&m9%N|DwkDzW zQ9PKo%b2<0bx7H%*Qp4!$ABt$$qyA|;{-NR7W;ueBTM>yx=#T1+YEU6@(66fG?pzi zwyMJ&^?E<%w0ID*h&MKAmQ;Rcuy(`QNbzU6s%QxNd&#H_(NR6Ejm)vXFGd4t5;`-E zC>udS09?>N*~c$_aD>uE%`^>Ec0#q@0Qs$kJ-~&-o=^=f(-Baby&vmfQuHp~r0I9c z|LfhWQ+>PbmqmWu2pv4MmI{?>u{)B?^CxIo3RKw6Q$-8|DwATLO&XzoO1F&C-Pw3) z)+u9bw6I_kQi(<)oo>1Ez}07((vQJtabu($miD*ejfIsuT#imN{kyy-x2dn5{Cm$V z|F+@{G~WXDwc9M)zys$S@K6+X2iSDoiaGJu(g~BWld%{}BF}PttacQizAz)ou~CX@ zcXK{pQ({J^%%1SWCl9rznWT9`Wv%xTd~^9;oh?L_F;7#^P&T9}b^@2W6I*W-=+Vnt zbH;l{_Av{6VHrpRv3$zYh%TUM%ACi5sy7=I|bZW|p z%mbHCI=iwOnTe{|kq$v`BM_A@B)uDVEEc9YiVWNrsz~$psGx^WbL9-Nj#hhBuVI>P zozrV7Ka9x3e(;~;oX_@<>Oh}U{6P3w&exl%)|1Mca?#?E{ABzZX*I zyXWEFrLQpgg^FIAF_~7vd!r;!^W9k!&SAVxu!Ul+NK%@i8c1b_vRMa+)%JwWFYGTt z%Sj{~z*9NPC(`k_wm7i=6W~j-9V^uXLKPLM=RX+IvPlt4hK94iddyQp&)~NbXt5M~>tscI7%3)BDv!Oz=^omM|`vb8Er_^X2)iai` zZli})@0l!6YxMZ5Uu9`l&!Fo0ILxwq6qcZeGwvjxr!UUdr_4{H1smgzlP(3>R~#AA zrflu8r9z;jq9}oi;kvIb3$4>_dmcJFt7SU%&R`V>Jlh9}n;qryNo!=Kn z{suX@d%EhSuZ@3yC5;XpNF;nn-}%j@8=0B?t=Lc%W~&-8G~V6c+4uSO`TgT&>}Kw; za)E2!a|ynN@3%;tK`Ip*rZ+hJcFPzZwNS$^>KFAv0k8Ra&N# 
z3ppEou_mWhw+ULxWv)V|)d2czcsaxfsa}uQC6Mwa>2#M)xQLaM|D~Yf{FpssNT&7J z94~5Bw*NeJA#5x&bLoXzIj7g~j~WxhS540pDN`Y?G+cTC(Wm;!!VsO9s7kL79f!3; zvq;oUb?@f0szs|;+uY`|Y0~*h*R&M-zi0K2pr|Wg70#>1%X?D2cI1bUu7A76;@J3& z@Y{>w7}%$kYvmbKLz_a=`Vd;Y8ZkcB(Xu}7wQy>c%fx@rbju%U>T@O+!Yl-4xCK;( z$(Y`IzpXH>gD$Qv9nOXRB;xD=Zr43FGqt5-XK`kNO3VJ_9nKR=J_9*GV(U$c>|dpe zW~a)&{$HCcj;nbxBB8bLhTWw;%_CY(3tk>Fhq*3)E5f)w&MrfVAaoshh8)3r*K|Ho zoZ{coS+U?BE^&{w1Mb5S(tp`tz7m~D2HBXOoVID>#Yi1&Yc3pxdjD9+C^d~pa0p)} z1FmX-^%zK-E;;kn7s zi+?oPe`WPOV?B~F$oOadXyPNmqiZMEIx^w=1EIs@?#)s(G=Z+x-^(p~JM8_yl2;E{ zbDqMWwM;wKMN)>EHb8cJv_;W{&?D&X3B=beLJeLJ0eS2L|5|tG8*n%SkwBVgNqlVE zLHQP7myxU1r;!zkR_;;%$6WkJymz8xDXKjax$;a)s7)dFqcl&|O)q>O_0d`B6GtBx zkb9q+UYoZ?DdF&piHvhIi?!T_D_1?Lr60ZgSMEPsr>Vn1IjeR#wuS;r_GfE0nV;x@ zovmZb?*?Vf-xzLSX?#ss#B%bV`DEI|>HDrZ9m}5Qk|wV0hB@!m>F_u+OJ-mfKULst zqh}x((PcjmzjAc@RN5P>h>a(=5>1^vlSlV-(;J?4VD$5NK;##5u3!_ggx^SBQ2&0+ z;{uMR?qMY<%z6qpa@r300jf)hjnwO3(Uek2CXN49=^O<7WH0J0svHO2yK*HiDC5Xx z{3w4*gQEC2)_mmvj*T_A?@IE}Qn==3;e;-^>5#?HtBEv**UV<*U?Kzq_jj)) ztSU9CH~-@dA6Iaq?5z?_hPINDqICbvF$+VXj)j&6{wz&n!^^ijCs)a-arbiSUCd=7 zj6cnl(M=0xZr>}uWLK-Z4*e1Z33i&+72-Qa@0!bWl^4@MY}0p1Mkv`(X&WF6*L4Hl z`i*2vT+SEuRN_+xw&n7Zm}zJj8eR7A3GTdk6C~lq2zat0`}1_^)mgRHSUV=)R#oT5 znmcc(Tk93G&)A#J%sY*1-Bg9#yp_@fRhTNjlj$kId$b7aA6EDYm!(Do``i;zESYF`}{ejfVR951@HrRJq;mC>vF9o5* zBz%j%r8emVezBpCK^tKvUQPq`%Vi_CZJAbQWH5B=GMuzLxP&~B*o$TQ?6;2Yu`zXlYodWz zd4+E{I>}MXA>JU-L6we!hHun)Xlnc^5=<}=5!;X^!7OOK0q@KPh0JWwK^|f_mr!;R zVk~63e)6I2ebKU$r{WI9@OTnbX%PLyig}q1?H;^o$Jk|;p^U>$v7;ZSPT1bxSiIKO z-zZA>PXz~_k$WVI`v>6KkBebjQc$%;Q3{n51ysEYZfvzkS!AAOehd0%8&dD3%493k z?8Kc94Nh-u*_WRGNbSQ-;-#}Dko;e-aYRuTwY~@Tj2<&>d2wVYmanGLnYZ#~8M{Mk zsjp_oM;&FshKH47@YpVLdL1jPb$)5?Z`Q=!Lei53ZJ0yswqY*V^Sz{7b81{@Pg{OQ zc~y2f6ZM}>DMwrg=N&@H#5iu?%d5Y;il$ah%|C)b8Pxn)+esx%zMLic*{ zjhmAj9j91nD8#X@wbkZuI2z$}&Im3|(qi@L`z9qvytb7t`33eSQ-UJJ*nPYo35LZfz#Mm_FkvRF&H)>ZYLFeh z*^A9w+^b5naX1_rejrUX^d%Ver9NN@d964g zIk&SyZMT!??*d&s(KH5A5`nP}?wNJF$$;r%Wb%dB%6h%>L53^7D5Q9~PtHi3dYAN5 
zUg|nf{Rr*(_M&+BarH6v2AoMpbpsb_tr0`V-FzVt^Y<#PTdiig!Q*%9f!(zW@&{Q$ zIaZujbg`Y9V{nadh*iu3$zSAyDHAIEZT^<|%;=5$#9_5=%`kI}4AJ;>R{t5K4K}=i zzs3P?uT~F&wl>!{H~(`yR-sj34fj#+JjlF^Fi!L^eHXl1^oY+f=e#s}6g#%hE;1Lg z^Z(}4Tk?KiYh(_N$14r&kUqEm$RP z0S;cLC(DP7fSTx=!LY#RPh85(DZ&QAn7t6K70RdDDoBz+o}6Quzmeb6(>J zyZmytNl?yfA@fTR2*Y|CuRsS$!3_vTfBA$81KAoQW#Q=gSb>PkK6q_X@Gk@!aff*OD|3oVFON~sAdmKdg zD=PTIFiH(nCV!kMQ3PkNyvKz!`%A28aUBV@5<(*dKxBHCw@v_j-adDlz4R_@uYjtl z1tQ-ya|@9eB+<^rhR#Ku8^I1mL+_>!A^K2Mh zl!;)%-qX-)sNb+9>(-{@@b&bKLzcbae^${tJhw;OD*0-(`ulTKcKD$^%N>!SPM;-W zNF5yAkR#j^RBQzDAPfT3`9wQ|MM^@FdRgY)Cnj|A69uDMjD>=5F>^cC?We9kZ@z*j z&E1Pbo}TG+sEFJnLjAC>Z2O#>g{<0xBQD7O2PktRZStl z`+IZOcbAC*;h4)g7X6&z6S1HiEU2Z&AhO@2tOVz~qm9)md3afZS~`(H8pk_Zc?j?? zf&FOsFm(8*y4q9kEuTQT*M?3wjswt;)5Z>qQ!<)1>+i@%t{llso!Lxn%Et%}Ai+=l zB0dbKB+-wl*4mz)4g37uIkCFM8@_)iNbf7W1seLGDJs?_t20KfA|HP0PYChT;x8`u zoam zk>0=5O|X<;w;b&zlju@o7cdipXwC)hD{q9nvp%+U=9BgTn4c({d3etrJb%j-Wp8@n zo+*yI4;ROQ?npor1R4Nrq!l9o!s&#{niGaQ@7=2B?W`Ml>s?@dEX+u~^@_3i1_1kK z06w1yftiOQ?Dt-EwBp3K*7rZB4@`(0Jbr*JM_uGhtF;eg+Lbq6`HbR;Z;s$Vjm9`H&KEV=x^ro6t8e@&{3yu0@#CWgkY+%4eF%5D2WNIU? 
z^=fpRCh1t7vk}i{bk#xeqIvOHf zHiX?S?qC_b62HY@^5hpgWw`3Ehh)Kb#^Ksar()qu1jn)*YJ^8N77F4G*|4vApR3d& zWghL=GSyY}8s@2#jY70o_imVDXX$?XvoY%;1bkt~4c=<)7L_c%_8GE_3z?1H)+Vn> z-lGdMVwCt<#biICT_x#i5ZwQY7t-uG8Kr9Zq>7@tf>u^1p!S19Yj|i@F9Pmj$)0_W}RIk2LTl zxG(fy!jsw=Ifm0vdF#0gbyV-PT?7lhQgA{`lorSDi4)Yh0=*W$<$=LqqkW(^wF$;T z3T~3(u(EVSueX_BMrtR?5{m7%W)}Lc=60Qy$P=S7g!B3f3RF6@YmuUrG`klH(r2l7 zn<|P{-EHLqK3%lk2+nqZ*W6RizP?uA7TDLuJ-8&YEV7n~CmTkB!q}}@@bkI>iz#JR&~hmBSJ9u??ie{H-Xmr3^fHQX z+x12M+;@SvfZ;f+2F~O-3%IoHQw&GXbo6||a- z+Pub#+N%2L7jwZ(KvG;3!ZO33}vCXG%RnZhu58#D$LBLg}x_s z&))c|XUW!_WKc9zRk1XVFqOkGPgfyZtT5@;akWBtI!)m}6a(we1#hnBBN0CqgCaEV z^wwJpjf!=N=YX;><~EcT_Zu`4{PpKIp((;52!n8PcPf--N0>!zQ`8j^qde(45h9P%OH0M?Jmf1#1;^&6HxEOi z-0rUq!d9~$osLCap%8sAD8rYi$(7gNLo1WD^X^~SRzs7yLo*5^g`zD zJC@}IG8Uod?5A8!#lxMFBk_AQqVUGl1GwM+oMV0vQYFOUziZ&_ZU>xcPLt}|*vs~`S z?P33sh}q8&yw5Cj@cSbCK$9>b-43lFOPBXSrBbJzGqiY&FMYqCjQ{-=<}_pd87r;} zIbyH?#H1MkHufY_m)_Nv>g7mDY;vfA<63@92M8)+yP3V;a9yz^oj|3`J?sp+m`_wf-w?4tIVk= zQA0{?#E&WTM#_T>6@3A1ra;{^%|Ug-103G7$s~Sr9VRj>Sv$@?y+WE(m&z{usU^Zh zF+_Gb+Ex8UN%(Sa{f3>G^ckx*Odp+<;YdC$LP z6e@O>13NU6))Ux{ssf>Zv8I>p^q)^z;d;J)O%~fq6eX-Y&WS`MYCl3^Rh?(tO%Fuq zhB5pyr@B7hi@`jexM3|dbgnT~4w2{;PI?eV7o=vuM((T zOHj>-%Nr(A7tE>WDffaMf!eq-=l*_NGG|w=oIOxluT*O_SFi0_c31wYwe-XtraI+P z!g6plTFI_q#?{^FQuSSwqcUIlt^-t<9fABPMr77Hd=eT4v+VXP)%A~}xF2E|<&3V}qU@e!#HG5(k>m7u$WCTJ$CM+VD~YoP2RIv2 zxDEEtr&OUD_(H&4Z}wyYc5^HT&j6R%a?QCKBwTqdS8Bs?`+9Oi+XA+Rz-vOY5Q}me zhGlMg<=u6|v4e^Kg}t_X=-UcTsaWxGIzk7lL%7;=*OB(0^xjc+**GD$gD|rr-E#BD zDMT3|JXS(yB#c;2ZbJ z!}ycX+vlvO?LUbWSbGaLlXy2bXuP>@vxh~J9AYPY3J-W1LtK+_Jj9Yd4;9U}r@yoG zi?sgmIiLO-L+g3JJ$b+16E$=&Bmv(|un-5VIPd!XKL8$k?f{ygzcVy)UBq;)e__4% zs8NYO_s~x`O1G4|igATj5sVGj9HHQUL6}0|a^1R4pKBQ*f#9zfIV*B|FPS9oXNcnQ?0TiqB7NcS(W#vZMxh`gm2@91P z-K|f1rf?qyEbJ(c1q9OCquJjp}&PE|md7>~A7G<(osU2PA^91TSa?k`DVZRXw z=KLdVbk@!Aa@Iemjqj#$Hxmj=75O0~6br+2$q3lpTV zGo3;tfN{?ix2~hV@6F?Z3bvG=zuU)?re}$u11v`pTr`E>Fr5Nv5m-uwM87-uaLYP|j|@7z_-{T%4r-pAQnVfIxPa;p0U{TglZ 
zr`(ZQB;o`QKeB_yU7L)7NEB}SWSYE1WQ)O)IrELg)VP^|tJCqVEo)7_3dav{9 z9g3fRgq`l#K3#^{xdsM$xum%{#Cag*0sH;iW8x2VWj@Mc1N!J0ayJ{1D-FAyRH z8?Z#Vz4%bZb7-5_VJlnj&Xv*`|#Z;HvB z-qF=(lElKs(v4h$g+{?z8@&&P4+sy)I*;ijQ$*wWbPF@Mpp~7iO41_-n79jR+$7Q| zUR1*bwV7QQDX#~M==7r*Rbszu?DFN)yLU)PCxCIS&RZ{tedVP9G$-;$fcWoALLSRl7In3dYGMORq!=L8*z*!g?KGEQ-b*$tl6uQ_XE z9)F}^=lezox!X&(G31)#fjBDcnI8-J@p*doP$lrHX-S9d$V*W$7_Kj=kJ&2J+;bq2 zjrtyiC^i;%_48akSbaG|9pzRtG9Am)6K})#r)q>3ZY*a={@O)oq|Ik}UMq??gm}s2 zLQ{Rq)-)m{cq{-T;l4{^>Gpp9(cp~o3EE3eaX+8qxkX8SmhjfnEAqTnqaxHpYL=U~ z5vXj<6VEWim9wFKaGSpyOf)y-X-GAnPR**j6BTMYiWt9&an0^&DC$gxt&$Y78=Qdf zo|<*iYb~y)nlUW67mJK2ovraP zK>yDP<~1?LUV??|^2uN`b4+c!Yj&&?_q7RhSK!F=CBlS{nkGq%+8M*y0w?zGtDWv!3*mcsJK&<-(hvBfP`lm8OtY;l}pEcfIpe; zZJ8&XV`rDz&4uQO7jsbl{T20J^3hRe(Qnl8L&aZZx5mFC6LBKTa(d&v$bKEArq2A@ z9?edsp^RYJNL@5A-ADuz#GoFjP~wu(w&n@5Lx((LBigl!Z5(T&<~+kbn&k8=^7#=L zX$3D8V|!3WW)9{{qt!UXT95$;=gZyTD(rGtN+{ZU@jz+bEh|CFvBDXB>AzCt8#(7pyDELnIyJSlw0;$BD*L< zQSpKZq`sIG>c76-s!&wtGTHmO-iKtyqRkKKvuvH7yk2r-5$0@aRAZJ^_Bce7=pJiYKFNh) z7Kuok14krdjX&mJTXTHYN3tz`@phH{71_y6f;f&YV-UkkGEI9R*c_G)j$^o`Zw%3T zc{OM;H^C$)H=AFeqkgfgIyZ5B;0y*v#*}R9f-46@jAh*a?&%SHT1lzQ)*+JfX4Z4b zC*b7l^K@_~PvA7oDzgmojQe)-AY&e!r06VCYj3K)>~1FZM=D!o?I&ElBx`YM%A5I?kk44@rCQ@hF!6zUD%v~6iDNmE` z9{%pLXaVP3VZvhoD*;pfIk#|A&9M^DlkwpWNms)%&y`FmWiLdb3WxQkh)0ZKkUte0 zI4tEQq>E7`}4jG&EgZ_b#~_EsL=sA6yGREh97C=F|3vS{ z^%g-m!0inJyyXJ$0r@CijKPtcC7sqN-0&)uQhQ#-fA&)X8Qws=GsoGuU>7n8x`!i5 zVc8=C3F@Fn++nX{lwDI9>H1K#7fal1qFk6ZNr;r}CS$!$Auw?((|NgvK``3Jqxd&EW+Zv+~X zon)ZhW)m>0e+BUji^Y;$Mtj{=1|r_{dTRavWY%6FcSTr~9=$=NxR_uDPenLpD~>nT z)WIF4YwVs?=;OSz1;=4%ICWgC`i2@wa=QONgba^=+k}1CmH8GOQa4%Jxrxugk@`!F zhE3M*y9tMzmIG2pCd&=Y`VnYWF=ivxag4a*5AQZ_=i3i&#`wRs(Rf4|&?2c=|K=~i%o zPe{DIba7lG@xy<|HS?qwOQ+{ z|J;+~AYc{4gmqp09iA{7xPP{MgNPj2&w}jaTC@mAscU0!If`RnYaFIKmLVtLrc1+= zG0I@~r_&;yHL;W8`+IKXhM5|?JAW=ygN*Opz3;#3(T`ksQ zdfHh3;%eFkW|G;z^eKF4^f=zRTVG4!Ya|0zIFLA`;H1CE@|kq$my7% zi?{S%R*<^m2G@Xrm00IV4?`pwe6j^AF=759_ovhq7POLXkrZ1fGV3m_T#~FA{;^RN-)t5SIY^uy_fQabED?P-AU_Q^JE+0I% 
z7<6@>XWFfG>5uQQ%6vzf`9WUM0h5W#+8TsIaGbNK)5-~T037pXCR{@7xskf;xLl%~ zJvjC>5)=YE7$tibW%-1+?0PEqVpo)Stx`fCy?*A+{TRsZG@mg1!d_F~xL?z^$w@dE$>TSN*Dx%LTT;1ruce2x+Yp0z5Dqq|1`md7odc*?Kf=-g|Xd9!J+pW z6zK7MD{L}`ZNaS@hEPlkk*ilNzGEUJBz!M%q)SBRA%|hZ!?PBcKpAm6iOLz2Kq;V2 zIk7bG%o3E`pq1LA$HP$ktAwC#LDY&HACJdWOzBIp0hv86PwmH-&(_YqXbxeYx*18S zc_eX2%#9ZV7$n`qK9V%e5o2IF?SZ+DEk6vXYlBN{%WY}4-uXN1S260Q9bs*_@Jy{S z-sw?2@{4|tUeXrbn1U%ol^J!{a`=|vfNny|U7yijBO`YMo}ts2ocIyW)V+OVr3-oD z%K3M(A3`%URIy2F1o4JLhPx!M`Dtq7s@V=m{FnUus2L=QRr$UxHFBTQ@p~+jS)11~ z*#uqCYRwku$%8iv^Lq2x%N#i?t*RTK-G9T)vkr>6Ux44yCMkr+AguezL!jH(@f2uI zTe^7#FK)8-2zxXQf=EKLAGR_QVO*au3C0EVi7I`!;}jQfA5*ps|yQ<#V5cs z*Htt~B3YF)KR9Kzl;Hn*u(J!6A}{OZu1rbkT)9(y9^6D~bN-APdFYd#ao24qig5hU zIsVf3+`e=FtvFi(6F(jSC+LRSb)r()Ms~lx*+JLUeONtIHK#+#^}t8n;0YpsZMPr} zz1$Sj0~&jK!9W##H5DMDGJL7MYmoKls+Z$OljQB-I&k*D^dJ%vQpf_-(l#5HD46Q1 zx2XE0R7jSY%v^qe8Dbuh@FFjKKzSRgvJvTBiU-aUktQ8s39o_eZM6)*Hzef0O0GIr z(;o)j`8)%NQg01#R$}$*lZu|I(Z+~@wTo!)+$O=~A?vJdky29GO9KaJ6}7=P7sdm2 zi;G5b_Kzl%Y#W9eT}8;cLjY9l>Fwbw$k7hyOj~l{Qz1Y{OaD4w(QQ-J`ccXL5%Q?% zqyrHQWeiA%f~KEEh`*or{!X@iGKqlkiQ3`EQI%j1r@H8FRPmiKcpG=webQ&g&G{n8 z;5pZRj9lm@EMc#7ai|~ z`gz8hhqUQw&;mElx!N;@OuAf=bR=HweEA9-k5F*+UU+vh)?Y(5X@Zu17U}Gk>4AzL z=0l+hqx4*h4HvTs$Gp(Cw?lfPF7mwJUSmJ2@+#HQulzewz&o=ED`iZQnSrxI7S3}1a(}KgXY;_LbtFzS zE*y-N-)WPwLa?;+liCeI!D&>Nv472keAzvl3+sFip}`);C61Qu6dx(xmosh9!ndPF zut#|u1>BZL7%O8mNBA{<-|Hlp`^C8_J1O_Ae5%5&>ANMIwms!A0tAKZ`PmK_3-ME?#}q zpY%^OTRPhcyNDJYrz(~7-kG4ivzHSe8*L4EHN0Z96poT7{9rjC3od@|)m+`i7TRj5 ztCI>aRRb(>egD8B-e>;~_zJ2s0+y30HUQ7XwZPFEyqXC1Rua1=Vml6Lg_Y%1b5AV~ z_O*+up}y$DPr^N0vT5*|9<>fUOA2#J3V&>_mK?4!YOd9@9)3$?%XnE{d}3SMqqn2z zu4gROuRod6Apydak8Zk&8LJk8ezz2Zaa*LA-bK2ingPGo)Yw<^yP zF3>!iKwMUe!58*)Ih^r*OeV~6$%GfrU!QQAa-I2gnUFE=V=xN6E;M+5u)o1=mt#@! 
z`27Hbvq4|tG%kUi>#v%75s1-@CD}Ggb<*K_+D-kQt>%uUCgWD?TbF51b~~Q`tc|fp zGhE`SqS9E%&5p(NX}f;L-Tz(Tz^1%Mn^|(z?(~sLb5fY3D zdZcrX{vb!pFI;?ww#~||@EaZMXf}u6N=Ii^*fz6svU3c(y`U9;{5f$)S&9aApGRo7^VwaylLzCMp5D6cn~N)<)_`8>^K_S74Af_= z+DeO8W!Gwa(_8c>kMwT?&yB|tY--xHLlRaex&U>dUkH)-y5lL76$T}IN>;FE_AQv^ z9KOow8!pd##u|yCLQ3}i4zQEk zm!btBuUO~Or8w?z`%;8KqpFY(@-vPn8~nEiXMyNf$ON%<5_EQZ-c$|%wSn5=fV#9M ze4sYt!6<9#x3^Xs^=)#;J=**tQMwi9N@!El?=oVRQ2E_3qW4YAYf#(~s&agb$M7q# zuaBy4wxvL}XQ|-@-_IN$pT*t_$0PVUcpVLNqS<(r2BKyO&JYxdB-P7j=NzFxY&BR7 zH}f3szUSt@?@^7&dC&@RqFy6x|LEp1+w0$b)H~VJ&rw1Hkn{i|Qh1gopu7v<5t39eY3rmmop0`9&3%%7t>a>ojg7jf_U`+M`iXm6CHet<0TbLPC!}Gz1 z`2`&%(7xVctyQp&Lu%fuq*+P|x=x6Jd0{zM*A{Y@F`ZgcY|Fh^=VGItd{fQO!rB(T z)MJ;pb8EYtp1_%Pxe`}nJ7I26uv%Jkc~L74!oLYHoOqjx3riEL@7FIY?vGdUagFu- zvpTS{RSO}u!tAZ}aD=Q3$S)sz*j26{@_>7J*v~JX?Ce;Bw^J6Z?KQHRcAi8qP)+T8 zNx5KeX93@C=)?=9479uZ{0T&EgYf`7EWpx;(9P#+Kb6)uHV4@AYayBe{%}9^l{^PVF^Ir09-26GT(vDC3yYYhek+z|z z+IkjM7jvg+DgjD6yGrzu0c~^It?|*c1(tNj$q(82AMW>0sgMu!JZs`+GRPv`(nyoWIM$~fum=QWCIKXN|4qG=e z78e(pD#=J`YUgu)Qv>0byi_VX8z`cq2H}oM{?`3Ou6Ff+yi~*GL&~wo;ODglDK>r!vT*@+)iW6UIQtYQ>5j zxlQRC%1N>!Yo%?_}```nI>PlfZD2 z@r)cNY>~E2T5%odxG2Fsh=ChD|81$8lTF zYexoWma6}l-j_ygpH`2ynEO_OO`k4|OZAYYs?J1pOZ=_TIin`9HuHdm(sOisMN}MH z8;;37nVoI()>~YzpR4W47)je7=!e0#TsVvxr{vGg`g2<&v&MWlRj2sc!0+LPS>x|1 za!h}KCLdIvBmlCVcLs+(CBL?mC;2P9r(^yT;K?V-tbFp^ALhx?^u+AduoEnKI@HwrlOYbQu-< zIl5wS^KlIE6|_Q1mI?umDE|XJx)%&Fu5nwlJM+-?UOPyAwjNW724cLD!U^1H!}N~E z>_kML2Nw%}CSf<%8rQ}p39vl%)5TQLHO?&?IdgXJ>x;5wtg%al&FGn>PUf#|J3nEU zk%)J>f*XkgwMXY#ZUhaK4GwP0Ox+$vPBfo<&k20p`rW1aw7k^*i9-UI_pF3DQRfEu zoHScT30kD>BaPbjhP!(CasRQSyF>wXYVn^A6A}d0G<0n-v?3)%fmN@<>&+4bStT9P z_1EzG1)OcgxQD4IkF>rF&8|*$kdK`RR#(GCn9-RdYKohNzowl_7B#9ae|Jn=?9<;l z*YC!kR{WZ=#Y_rg)xL{l<{kSHVq;)zg`w7zWoFGIHCN;2e)9|l51%%A9)26GRfZUK zzg_Ohgmel{^#4*3W6XdrWajM1Y)sWWnwR9H7PX4?+a3t45bSt*cZ!;B z&J0+_?gWW64X&013b?&|2#ZyRXI-6~>Kyk+Vo^`#zar~=IIQ;9*37 zl}x{Nm6lm?aQh_rD#R+}+}Hgvt?bpw-912WjN=;5!nY9;!{@&8vGEJO;3#aSky(PY 
zFy%nLmS`gOqU6%Sa5@fwSzacWG@UGQPv+;TQqHT0#E18Zq_2Tx69?MEO%MYNFm%(< z@HTT&%EnRG2vs)2di}@Nu}g`GOwgWFnsvq!ws5zu&LlZ0Lt~Zfs&HtC5UEs-+)rwJ z(Nw$I#<=U(Z;IzLAPusi^lSQAe;fTWpn3?jA+X*9bmcUyzW~a2>BIz^e=qToi;r1+ zZ`HkhB+CTNC|3^oHzWfdC&3~y#=n-U4Gd&9d=DU$%rJ%b>3Z)Gk=Zai}-ZOG}m@9g7#4*=S{n&C_WJG?3H}8GZc3ouG#3z&Fq@~tP*OGR{+>{S!6v70D3RMcipP??~r8u}v zemoDd=BZ9oUL+4>=9ZN@OVG9D6#HF_9A!D&;2S} z*SAh!T&QYvmaar>rxERt;g zD*>All8Jm=tYa-XJCdYR@y2&x&(b0c+w{_Nv0^EGcc{ww+k!0n?L9o&Z{SUBA9~oo zeGfgnD~hWENMk=}n8z<$^&8l^5hL1Bkc}9F4j%L|u~Y7CVh(-f4l$I!#wlHX5C}s3 zJ(?~GcB)QNGkEK*eKk2CYmm!p%xuBb9{>P4fm7v8^rMzCmBawT64VPh0ywS z@oh~>RHL^EDGYWBvdVxH54jq#u%eHv<>Gq*h$H41SF}aD$}S*Zm@I)A9-95y^$$ z&g&*{$Fj;!L#qq5YORxnj~Yo0^FiD6i0Mg&D!CAm`u#TdPZ9aPVf}4Ua1YC>-i>nq zS|WDkgZIy8uhw8D+X;iRv1+;U4%u2iX$M>k{ay6(QHu=dX$E8!R@t4swyB`OTRrGv zYyCS!rRjTqrf{D`(iv|;WNC=aN1oi~F{JKF6FigpLrFJ@3{o%4iQxp#NX zjsgbfK zs&*|RXixOoSJb7lFr zd%r0W@Ff6h-?r2K@pNJOH^(_z9iw@jgS+6GM@ZJSl71iHnexzI;Q-Oo9|9sGEZ;84 z?V%#eDcV|N;yw*{#Z2b7;TV;@zUys(BLYv?6pz8YJ^5DYeb|>6o$%jq` zmO;RKsh5Bil-36D36iBg{+B7J`A3uP)nj+k52L#dSF70m#2CPtwpX`V)zM?^abY#j z@D=K0QCKIQ1%~V=hV18su=qZ5H=oQ5VzT0R)$!Zb`R(Ds-TaJgHaYU7jsXsT`jds1#7qfay$s9rqafMe zAl3?u|FcSx4z&s!OW2W4@(1tVO~2Fb79IYB$be< ze+8hji5xXW0uTTBCu@*Rpz4EApVpK_RFD$ZaId9)IH1#YKfXZoc1ii;67=#f)A7Gj zXlL{|cSGfk*EXEhVw zg=3x`R0DYSE`a;gRr&_eDj!=Gu=_tcmCQQ!?C&z|F(wUwt5 z0rBM-9wVHQ86IF`H7FOGmUH`R=jo$o2S*_=kmJ-bG-|E$)BLYVZlP%9J_vu5b#M&J zndk2%WVGNVck`?20Z>@@zfW`CM`~}Zb~*5Jmz6u4%R964S(LYnYq)2pH=sIxW^iLE zuuS0yFK?IQ8W|Nv2Cgw3Cw>D(Lik;-Q~wyFT5?eQw*98xre?p)gB+1@WNn)ZQ%?El zOA=KfjGav~BKG*2H>#seEbZLHOBWagXVGHm&N_Xd!(bFoB_}w-Y(GkLbd`2^UQ&J< z-;o!^ddC1}GS|o#VI&oHkkJVdh2t?&MFyXP(gFDcEiN{Ph6}E^WRtq_6Gi#~#)w%o zEUhv-kyDIS#WW6q233-ZLu78AXuM3iq~sLU&^Gdy8vW@AA=mzUOV?1bsj}Q7ou6?~ zOvWbfWoM6~qNZz>yi?xZIY~anIo;nfKEj&b>GPpryto_V1VKZa+SAvRcd%f#deqqtRo}?XdgY*_dD5PQQ9(Ega;qE#5v*cZ~GmgC8gN|Ia6%_f6RcGtyAzM?-B^k34WhWV$T$`Vc)|N^*7R-mXKQGWuwuD)ebe=rU zqZcDyHDiguEnFn?2c!wDN18#c3FaEOplv>-L0RNIrR~Wb360u#lN@bR&Ta}f4HX6{ 
zsz22k@v+Dp@#-9dJhphW?WouhkWBvqPzc=(M+gM<%PXl9l=G!Tr`q19OtTa4&HY-l zV^HO{uOWN;0D?jb#m0e7krl|Fe~oUbA>`&EUuoGd^~ZVp9S04MXoi$S+`24*1lmMV z{Y3=3H0&s5pf>t&e;wd zqCgYIl~DNjdenkt_Pz$RATa+ekg1pkYP3z!sa+9;b3Www5SM_QK=x z^N1}1>2vYzz=yB~dW!&>NA60E?}Q6R62f$@^4}uk88O(SzguYRY-#ws#D6GE-QG;P zHe83T8VI*`QG}26n^K1FCS#(nf^B3d4RkxyBtgz_2~_I8dF@`hym#eG`jcD|n;&Lw zrK+|c#jy9?!sTT_p+B)NB_mE%!U3ne@?#4s91lH#w#%itDT9jmf6AFU{OB}QQ%63L_6$o9d=V$XX-t7}e*5H~ zvlOf8Z{?gfqeOCLL0$ZtO~tWtTo-HP8A@_7bJwMlbGFGT}T45$wU4c!6+k%BChyLpOfPxG` z(quR{y2C(KiyPJ#O*-aY$A6=nK&GoG@p>Kg1$yO+%=$c0? zkMdDDf70H5IH{%WX-j;vYPD4ki=L8rrTV9OX}rX&XV`KT-Kin&Pf>BqigB?fp-w#) z&ri7IyOJTWXb%=2rkbQY^2U(ckAfUBHxRj^IbZn+PyW$n?kvpW+=>J(XdvgW8o|S7 zafkRW`9gJ%#ZH0IKXjUns4LkxHS7u!yA}_imSlCCRaeo@JfZ5XN{w7(QL+HO0PlM( zhIN_r)3$P#yep$vlK!NKPGw6XHKVXaQx4tRoo7wrkoRt+w|35~$agAO&UP3Eitxw5 zX7T~Xr&{s1uZRk0tv96xwITL!Zunrb52a+pL zU}UX6Y=5o0QTH?xcDb#v@DUl`mz@+z#eA99Mccz>1;G;6^$S0j#5ZZCA;z7NEn}1V z*t!m19@v%vuc_S3tx1MA?SX4v6wNH*o_^T4ef4E_nCiMX$1Z8j#V(qhPm<-Ca_EQY z&I5??Ln^4*DKJTM2uvFCpNeXa<>B+`EA*MrS;|bWR0p{9()kd`M$GPi)wwkxXa$wZ z=)Q<*#9T(b|EG z3s}kXyv=H61}94(Bd>oJ8)(8KcnM22ift4Tjna9fKKU7c`N4I-CSg_ntRWL%E#X+4 z`H_2;k-(50f7DeaoVId>Y@Lw6;GGm{fi^MWr?kI7^MeS_ANud%19?mX;9y~0n;_`y z{N|?G)7!VYX23)xS~b!H@^vIKA>y7EmwZ%Ci%a52Kv@f;a)2+M#$%leViq%I-qSRwwwC+F0YD%#CHBuu^IXONUN?m zoN9)B;Ef+V{k^=5iyJKdXME%0QbjW0?o|H&aA5qZyWNL? zQMp3GQ_PE:role/'" - type: string - label: IAMRole -# Node Affinity -- variable: optional.nodeAffinity.dkubeNodesLabel - default: "" - description: "Nodes identified by labels on which the dkube pods must be scheduled.. Say management nodes. Unfilled means no binding. When filled there needs to be minimum of 3nodes in case of HA and one node in case of non-HA. Example: DKUBE_NODES_LABEL: key1=value1. Please refer to section Node Affinity of installation guide. 
https://dkube.io/install/install3_x/Install-Advanced.html#node-affinity"
- type: string
- label: DKUBE_NODES_LABEL
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.nodeAffinity.dkubeNodesTaints
- default: ""
- description: "Nodes to be tolerated by dkube control plane pods so that only they can be scheduled on the nodes. Example: DKUBE_NODES_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule"
- type: string
- label: DKUBE_NODES_TAINTS
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.nodeAffinity.gpuWorkloadTaints
- default: ""
- description: "Taints of the nodes where gpu workloads must be scheduled. Example: GPU_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule"
- type: string
- label: GPU_WORKLOADS_TAINTS
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.nodeAffinity.productionWorkloadTaints
- default: ""
- description: "Taints of the nodes where production workloads must be scheduled. Example: PRODUCTION_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule"
- type: string
- label: PRODUCTION_WORKLOADS_TAINTS
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.dkubeDockerhubCredentialsSecret
- default: ""
- description: "Dockerhub Secrets for OCDR images. If you don't create, this will be auto-created with default values."
- type: string
- label: DKUBE DOCKERHUB CREDENTIALS SECRET
- group: "General"
- show_if: "EULA=yes"
-- variable: optional.IAMRole
- default: ""
- description: "AWS IAM role. Valid only if KUBE_PROVIDER=eks. This will be set as an annotation in few deployments. Format should be like: IAMRole: ': ' eg: IAMRole: 'iam.amazonaws.com/role: arn:aws:iam::123456789012:role/myrole'"
- type: string
- label: IAMRole
- group: "General"
- show_if: "EULA=yes&&provider=eks"
diff --git a/charts/dkube/dkube-deployer/templates/NOTES.txt b/charts/dkube/dkube-deployer/templates/NOTES.txt
deleted file mode 100644
index 1e25c33a3..000000000
--- a/charts/dkube/dkube-deployer/templates/NOTES.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Installing Dkube {{ .Values.version }}
-
-DKube Installation has started. Please use the commands below to view the installation progress. The commands are for installation only. Do not use them for upgrade.
-
-kubectl wait --for=condition=ready --timeout=5m pod -l job-name=dkube-helm-installer
-
-kubectl logs -l job-name=dkube-helm-installer --follow --tail=-1 && kubectl wait --for=condition=complete --timeout=30m job/dkube-helm-installer
\ No newline at end of file
diff --git a/charts/dkube/dkube-deployer/templates/_helpers.tpl b/charts/dkube/dkube-deployer/templates/_helpers.tpl
deleted file mode 100644
index 8453df294..000000000
--- a/charts/dkube/dkube-deployer/templates/_helpers.tpl
+++ /dev/null
@@ -1,53 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dkube-deployer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dkube-deployer.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "dkube-deployer.labels" -}}
-helm.sh/chart: {{ include "dkube-deployer.chart" . }}
-{{ include "dkube-deployer.selectorLabels" . }}
-app.kubernetes.io/version: {{ .Values.version | quote }}
-app.kubernetes.io/managed-by: "dkube.io"
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "dkube-deployer.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "dkube-deployer.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-
-{{/*
-Image pull secret
-*/}}
-{{- define "dkube-deployer.imagePullSecretData" -}}
-{{- with .Values.registry }}
-{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"ocdlgit@oneconvergence.com\",\"auth\":\"%s\"}}}" .name .username .password (printf "%s:%s" .username .password | b64enc) | b64enc }}
-{{- end }}
-{{- end }}
-
-
-{{/*
-model catalog enable flag
-*/}}
-{{- define "dkube-deployer.modelCatalog" -}}
-{{- if hasPrefix "2.1" .Values.version }}
-{{- printf "false" }}
-{{- else }}
-{{- printf "true" }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/dkube/dkube-deployer/templates/config-map.yaml b/charts/dkube/dkube-deployer/templates/config-map.yaml
deleted file mode 100644
index c30026eaf..000000000
--- a/charts/dkube/dkube-deployer/templates/config-map.yaml
+++ /dev/null
@@ -1,167 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: dkube-config
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dkube-deployer.labels" . | nindent 4 }}
-data:
- dkube.ini: |
- #################################################################
- # #
- # DKUBE CONFIG FILE #
- # #
- #################################################################
-
- [REQUIRED]
- # Choose one of dkube/gke/okd/eks/ntnx
- KUBE_PROVIDER={{ .Values.provider }}
- # When HA=true k8s cluster must have min 3 schedulable nodes
- HA={{ .Values.ha }}
- # Operator's Local Sign In Details
- # Username cannot be same as that of a namespace's name.
- # Also, following names are restricted- dkube, monitoring, kubeflow
- # '$' is not supported
- USERNAME={{ .Values.username }}
- PASSWORD={{ .Values.password }}
- # To wipe dkube storage
- # Accepted values: yes/no
- WIPEDATA={{ .Values.wipedata }}
- # To install minimal version of dkube
- # Accepted values: yes/no
- MINIMAL={{ .Values.minimal }}
- # To install air-gapped version of dkube
- # Accepted values: yes/no
- AIRGAP={{ .Values.airgap }}
-
-
- [NODE-AFFINITY]
- # Nodes identified by labels on which the dkube pods must be scheduled.. Say management nodes. Unfilled means no binding. When filled there needs to be minimum of 3nodes in case of HA and one node in case of non-HA
- # Example: DKUBE_NODES_LABEL: key1=value1
- DKUBE_NODES_LABEL: {{ .Values.optional.nodeAffinity.dkubeNodesLabel }}
- # Nodes to be tolerated by dkube control plane pods so that only they can be scheduled on the nodes
- # Example: DKUBE_NODES_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule
- DKUBE_NODES_TAINTS: {{ .Values.optional.nodeAffinity.dkubeNodesTaints }}
- # Taints of the nodes where gpu workloads must be scheduled.
- # Example: GPU_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule
- GPU_WORKLOADS_TAINTS: {{ .Values.optional.nodeAffinity.gpuWorkloadTaints }}
- # Taints of the nodes where production workloads must be scheduled.
- # Example: PRODUCTION_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule
- PRODUCTION_WORKLOADS_TAINTS: {{ .Values.optional.nodeAffinity.productionWorkloadTaints }}
-
- [OPTIONAL]
- # version of dkube installer to be used
- DKUBE_INSTALLER_VERSION={{ .Values.version }}
- # version of dkube to be installed
- DKUBE_VERSION={{ .Values.version }}
- # Dockerhub Secrets for OCDR images
- # If you don't create, this will be auto-created with default values.
- DKUBE_DOCKERHUB_CREDENTIALS_SECRET={{ .Values.optional.dkubeDockerhubCredentialsSecret }}
- # TLS Secret of Operator's Certificate & Private Key
- # If you don't create, place your certificate and private key in $HOME/.dkube
- DKUBE_OPERATOR_CERTIFICATE=
- # Repository from where Dkube images can be picked.
- # Format: registry/[repo]
- DKUBE_REGISTRY={{ .Values.registry.name }}
- # Container registry username
- REGISTRY_UNAME={{ .Values.registry.username }}
- # Container registry password
- REGISTRY_PASSWD={{ .Values.registry.password }}
- # AWS IAM role
- # Valid only if KUBE_PROVIDER=eks
- # This will be set as an annotation in few deployments
- # Format should be like:
- # IAM_ROLE=:
- # eg: IAM_ROLE=iam.amazonaws.com/role: arn:aws:iam::123456789012:role/myrole
- # Note: Don't enclose with quotes
- IAM_ROLE={{ .Values.optional.IAMRole }}
-
- [EXTERNAL]
- # Type of dkube proxy service, possible values are nodeport and loadbalancer
- ACCESS={{ .Values.optional.loadbalancer.access }}
- # 'true' - to install MetalLB Loadbalancer
- # Must fill LB_VIP_POOL if true
- INSTALL_LOADBALANCER={{ .Values.optional.loadbalancer.metallb }}
- # Only CIDR notation is allowed. E.g: 192.168.2.0/24
- # Valid only if INSTALL_LOADBALANCER=true
- LB_VIP_POOL={{ .Values.optional.loadbalancer.vipPool }}
-
- [STORAGE]
- # Type of storage
- # Possible values: disk, pv, sc, nfs
- # Following are required fields for corresponding storage type
- # -------------------------------------------------------
- # STORAGE_TYPE REQUIRED_FIELDS
- # -------------------------------------------------------
- # disk STORAGE_DISK_NODE and STORAGE_DISK_PATH
- # pv STORAGE_PV
- # sc STORAGE_SC
- # nfs STORAGE_NFS_SERVER and STORAGE_NFS_PATH
- # ceph STORAGE_CEPH_MONITORS and STORAGE_CEPH_SECRET
- # For 2.2.1.12 and later
- # ceph STORAGE_CEPH_FILESYSTEM and STORAGE_CEPH_NAMESPACE
-
- STORAGE_TYPE={{ .Values.optional.storage.type }}
- # Localpath on the storage node
- STORAGE_DISK_PATH={{ .Values.optional.storage.path }}
- # Nodename of the storage node
- # Possible values: AUTO/
- # AUTO - Master node will be chosen for storage if KUBE_PROVIDER=dkube
- STORAGE_DISK_NODE={{ .Values.optional.storage.node }}
- # Name of persistent volume
- STORAGE_PV={{ .Values.optional.storage.persistentVolume }}
- # Name of storage class name
- # Make sure dynamic provisioner is running for the storage class name
- STORAGE_SC={{ .Values.optional.storage.storageClass }}
- # NFS server ip
- STORAGE_NFS_SERVER={{ .Values.optional.storage.nfsServer }}
- # NFS path (Make sure the path exists)
- STORAGE_NFS_PATH={{ .Values.optional.storage.nfsPath }}
- # Comma separated IPs of ceph monitors
- STORAGE_CEPH_MONITORS={{ .Values.optional.storage.cephMonitors }}
- # Ceph secret
- STORAGE_CEPH_SECRET={{ .Values.optional.storage.cephSecret }}
- # Name of the ceph filesystem
- # E.g: dkubefs
- STORAGE_CEPH_FILESYSTEM={{ .Values.optional.storage.cephFilesystem }}
- # Name of the namespace where ceph is installed
- # E.g: rook-ceph
- STORAGE_CEPH_NAMESPACE={{ .Values.optional.storage.cephNamespace }}
-
- # Internal Ceph
- # Internal ceph is installed when HA=true and STORAGE_TYPE is not in ("nfs", "ceph")
- # Both the following fields are compulsory
- # Configuration path for internal ceph
- STORAGE_CEPH_PATH={{ .Values.optional.storage.cephPath }}
- # Disk name for internal ceph storage
- # It should be a raw formatted disk
- # E.g: sdb
- STORAGE_CEPH_DISK={{ .Values.optional.storage.cephDisk }}
- [MODELMONITOR]
- #To enable modelmonitor in dkube. (true / false)
- ENABLED={{ .Values.optional.modelmonitor.enabled }}
- [CICD]
- #To enable tekton cicd with dkube. (true / false)
- ENABLED={{ .Values.optional.CICD.enabled }}
- #Docker registry where CICD built images will be saved.
- #For DockerHub, enter docker.io/
- DOCKER_REGISTRY={{ .Values.optional.CICD.registryName }}
- REGISTRY_USERNAME={{ .Values.optional.CICD.registryUsername }}
- REGISTRY_PASSWORD={{ .Values.optional.CICD.registryPassword }}
-
- #For AWS ECR on EKS K8S cluster, enter registry as aws_account_id.dkr.ecr.region.amazonaws.com.
- #DOCKER_REGISTRY=aws_account_id.dkr.ecr.region.amazonaws.com
- #Worker nodes should either have AmazonEC2ContainerRegistryFullAccess or if you are using KIAM
- #based IAM control, provide an IAM role which has AmazonEC2ContainerRegistryFullAccess
- IAM_ROLE={{ .Values.optional.CICD.IAMRole }}
- [MODEL-CATALOG]
- #To enable model catalog with dkube. (true / false)
- ENABLED={{ template "dkube-deployer.modelCatalog" . }}
-
- #To configure external database for dkube
- [DBAAS]
- #Supported mysql, sqlserver(mssql)
- #Empty will pickup default sql db installed with dkube.
- DATABASE={{ .Values.optional.DBAAS.database }}
- #Syntaxes here can be followed to specify dsn https://gorm.io/docs/connecting_to_the_database.html
- DSN={{ .Values.optional.DBAAS.dsn }}
diff --git a/charts/dkube/dkube-deployer/templates/hooks/uninstall.yaml b/charts/dkube/dkube-deployer/templates/hooks/uninstall.yaml
deleted file mode 100644
index edf812368..000000000
--- a/charts/dkube/dkube-deployer/templates/hooks/uninstall.yaml
+++ /dev/null
@@ -1,47 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "dkube-uninstaller-hook" - namespace: {{ .Release.Namespace }} - labels: - {{- include "dkube-deployer.labels" . | nindent 4 }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: 0 - template: - metadata: - name: "dkube-uninstaller-hook" - labels: - {{- include "dkube-deployer.selectorLabels" . | nindent 8 }} - spec: - hostPID: true - restartPolicy: Never - imagePullSecrets: - - name: dkube-dockerhub-secret - containers: - - name: dkube-uninstaller-hook - image: {{ .Values.registry.name }}/dkubeadm:{{ .Values.version }} - imagePullPolicy: Always - securityContext: - privileged: true - volumeMounts: - - - mountPath: /root/.dkube/dkube.ini - name: dkube-config - subPath: dkube.ini - {{- if eq .Values.wipedata "yes" }} - command: ["/opt/dkubeadm/dkubeadm.sh", "dkube", "uninstall", "--wipe-data"] - {{- else }} - command: ["/opt/dkubeadm/dkubeadm.sh", "dkube", "uninstall"] - {{- end }} - serviceAccountName: dkube-deployer-sa - volumes: - - - configMap: - name: dkube-config - name: dkube-config diff --git a/charts/dkube/dkube-deployer/templates/hooks/upgrade.yaml b/charts/dkube/dkube-deployer/templates/hooks/upgrade.yaml deleted file mode 100644 index 246787b71..000000000 --- a/charts/dkube/dkube-deployer/templates/hooks/upgrade.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "dkube-upgrade-hook" - namespace: {{ .Release.Namespace }} - labels: - {{- include "dkube-deployer.labels" . | nindent 4 }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "-1" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: 0 - template: - metadata: - name: "dkube-upgrade-hook" - labels: - {{- include "dkube-deployer.selectorLabels" . | nindent 8 }} - spec: - restartPolicy: Never - imagePullSecrets: - - name: dkube-dockerhub-secret - containers: - - name: dkube-upgrade-hook - image: {{ .Values.registry.name }}/dkubeadm:{{ .Values.version }} - imagePullPolicy: Always - securityContext: - privileged: true - command: ["/opt/dkubeadm/dkubeadm.sh", "dkube", "upgrade", {{ .Values.version | quote}}] - serviceAccountName: dkube-deployer-sa ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "dkube-installer-job-cleanup-hook" - namespace: {{ .Release.Namespace }} - labels: - {{- include "dkube-deployer.labels" . | nindent 4 }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: 0 - template: - metadata: - name: "dkube-installer-job-cleanup-hook" - labels: - {{- include "dkube-deployer.selectorLabels" . 
| nindent 8 }} - spec: - restartPolicy: Never - imagePullSecrets: - - name: dkube-dockerhub-secret - containers: - - name: dkube-installer-job-cleanup-hook - image: {{ .Values.registry.name }}/dkubeadm:{{ .Values.version }} - imagePullPolicy: Always - securityContext: - privileged: true - command: ["/bin/sh", "-c"] - args: - - kubectl delete job dkube-helm-installer --ignore-not-found=true - serviceAccountName: dkube-deployer-sa \ No newline at end of file diff --git a/charts/dkube/dkube-deployer/templates/install.yaml b/charts/dkube/dkube-deployer/templates/install.yaml deleted file mode 100644 index 667928ae7..000000000 --- a/charts/dkube/dkube-deployer/templates/install.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "dkube-helm-installer" - namespace: {{ .Release.Namespace }} - labels: - {{- include "dkube-deployer.labels" . | nindent 4 }} -spec: - backoffLimit: 0 - template: - metadata: - name: "dkube-helm-installer" - labels: - {{- include "dkube-deployer.selectorLabels" . | nindent 8 }} - spec: - hostPID: true - restartPolicy: Never - imagePullSecrets: - - name: dkube-dockerhub-secret - containers: - - name: dkube-helm-installer - image: {{ .Values.registry.name }}/dkubeadm:{{ .Values.version }} - imagePullPolicy: Always - securityContext: - privileged: true - volumeMounts: - - - mountPath: /root/.dkube/dkube.ini - name: dkube-config - subPath: dkube.ini - {{- if eq .Values.wipedata "yes" }} - command: ["/opt/dkubeadm/dkubeadm.sh", "dkube", "install", "--accept-eula=yes", "--wipe-data"] - {{- else }} - command: ["/opt/dkubeadm/dkubeadm.sh", "dkube", "install", "--accept-eula={{ .Values.EULA }}"] - {{- end }} - serviceAccountName: dkube-deployer-sa - volumes: - - - configMap: - name: dkube-config - name: dkube-config diff --git a/charts/dkube/dkube-deployer/templates/secrets.yaml b/charts/dkube/dkube-deployer/templates/secrets.yaml deleted file mode 100644 index d46b7098a..000000000 
--- a/charts/dkube/dkube-deployer/templates/secrets.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: dkube-dockerhub-secret
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dkube-deployer.labels" . | nindent 4 }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ template "dkube-deployer.imagePullSecretData" . }}
\ No newline at end of file
diff --git a/charts/dkube/dkube-deployer/templates/serviceaccount.yaml b/charts/dkube/dkube-deployer/templates/serviceaccount.yaml
deleted file mode 100644
index 6c1146f8b..000000000
--- a/charts/dkube/dkube-deployer/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,136 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: dkube-deployer-binding
- labels:
- {{- include "dkube-deployer.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: dkube-deployer-sa
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: dkube-deployer-sa
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dkube-deployer.labels" . | nindent 4 }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: dkube-deployer-clusterrole
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dkube-deployer.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- - pods/portforward
- verbs:
- - create
- - get
- - list
- - watch
- - update
- - patch
- - delete
-- apiGroups:
- - argoproj.io
- resources:
- - workflows
- verbs:
- - get
- - list
- - watch
- - update
- - patch
- - create
- - delete
-- apiGroups:
- - kubeflow.org
- resources:
- - tfjobs
- verbs:
- - '*'
-- apiGroups:
- - kubeflow.org
- resources:
- - mpijobs
- verbs:
- - '*'
-- apiGroups:
- - '*'
- resources:
- - replicasets
- verbs:
- - '*'
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - list
-- apiGroups:
- - ""
- resources:
- - persistentvolumes
- - persistentvolumeclaims
- - services
- - endpoints
- - configmaps
- verbs:
- - '*'
-- apiGroups:
- - apps
- - extensions
- resources:
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - namespaces
- - nodes
- verbs:
- - '*'
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - roles
- - rolebindings
- - clusterroles
- - clusterrolebindings
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- - secrets
- verbs:
- - '*'
-- apiGroups:
- - batch
- resources:
- - jobs
- - cronjobs
- verbs:
- - '*'
diff --git a/charts/dkube/dkube-deployer/values.schema.json b/charts/dkube/dkube-deployer/values.schema.json
deleted file mode 100644
index e0a6265d4..000000000
--- a/charts/dkube/dkube-deployer/values.schema.json
+++ /dev/null
@@ -1,205 +0,0 @@
-{
- "$schema":"http://json-schema.org/draft-07/schema",
- "type":"object",
- "title":"The root schema",
- "description":"The root schema comprises the entire JSON document.",
- "required":[
- "EULA",
- "username",
- "password",
- "version",
- "provider",
- "ha",
- "wipedata",
- "registry",
- "optional"
- ],
- "properties":{
- "provider":{
- "$id":"#/properties/provider",
- "enum": ["dkube", "gke", "okd", "eks", "ntnx", "tanzu"]
- },
- "username":{
- "$id":"#/properties/username",
- "type":"string",
- "minLength":1
- },
- "password":{
- "$id":"#/properties/password",
- "type":"string",
- "minLength":1
- },
- "EULA":{
- "$id":"#/properties/EULA",
- "type":"string",
- "enum": ["yes"]
- },
- "ha":{
- "$id":"#/properties/ha",
- "type":"boolean"
- },
- "wipedata":{
- "$id":"#/properties/wipedata",
- "type":"string",
- "enum": ["yes", "no"]
- },
- "registry":{
- "$id":"#/properties/registry",
- "type":"object",
- "required": [
- "name",
- "username",
- "password"
- ],
- "properties":{
- "name":{
- "$id":"#/properties/registry/properties/name",
- "type":"string",
- "minLength":1
- },
- "username":{
- "$id":"#/properties/registry/properties/username",
- "type":"string",
- "minLength":1
- },
- "password":{
- "$id":"#/properties/registry/properties/password",
- "type":"string",
- "minLength":1
- }
- }
- },
- "optional":{
- "$id":"#/properties/optional",
- "type":"object",
- "required": [
- "storage"
- ],
- "properties":{
- "storage":{
- "$id":"#/properties/optional/properties/storage",
- "type":"object",
- "properties": {
- "type": {
- "enum": ["disk", "pv", "sc", "nfs", "ceph"]
- }
- },
- "allOf":[
- {
- "if": {
- "properties": {"type": {"const": "disk"}}
- },
- "then": {
- "$ref": "#/properties/optional/definitions/disk"
- }
- },
- {
- "if": {
- "properties": {"type": {"const": "pv"}}
- },
- "then": {
- "$ref": "#/properties/optional/definitions/pv"
- }
- },
- {
- "if": {
- "properties": {"type": {"const": "sc"}}
- },
- "then": {
- "$ref": "#/properties/optional/definitions/sc"
- }
- },
- {
- "if": {
- "properties": {"type": {"const": "nfs"}}
- },
- "then": {
- "$ref": "#/properties/optional/definitions/nfs"
- }
- },
- {
- "if": {
- "properties": {"type": {"const": "ceph"}}
- },
- "then": {
- "$ref": "#/properties/optional/definitions/ceph"
- }
- }
- ]
- }
- },
- "definitions":{
- "disk":{
- "properties":{
- "path":{
- "type":"string",
- "pattern":"^(/[^/ ]*)+/?$"
- },
- "node":{
- "type":"string",
- "minLength": 1
- }
- },
- "required":[
- "path",
- "node"
- ]
- },
- "pv":{
- "properties":{
- "persistentVolume":{
- "type":"string",
- "minLength": 1
- }
- },
- "required":[
- "persistentVolume"
- ]
- },
- "sc":{
- "properties":{
- "storageClass":{
- "type":"string",
- "minLength": 1
- }
- },
- "required":[
- "storageClass"
- ]
- },
- "nfs":{
- "properties":{
- "nfsPath":{
- "type":"string",
- "pattern":"^(/[^/ ]*)+/?$"
- },
- "nfsServer":{
- "type":"string",
- "minLength": 1
- }
- },
- "required":[
- "nfsPath",
- "nfsServer"
- ]
- },
- "ceph":{
- "properties":{
- "cephMonitors":{
- "type":"string"
- },
- "cephSecret":{
- "type":"string"
- },
- "cephFilesystem":{
- "type":"string"
- },
- "cephNamespace":{
- "type":"string"
- }
- }
- }
- }
- }
- }
-}
diff --git a/charts/dkube/dkube-deployer/values.yaml b/charts/dkube/dkube-deployer/values.yaml
deleted file mode 100644
index 1ec6d7852..000000000
--- a/charts/dkube/dkube-deployer/values.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-# The DKube EULA is available at: www.oneconvergence.com/EULA/One-Convergence-EULA.pdf
-# By accepting this license agreement you acknowledge that you agree to the terms and conditions.
-# The installation will only proceed if the EULA is accepted by defining the EULA value as "yes".
-EULA: ""
-
-# Operator's Local Sign In Details.
-# Username cannot be same as that of a kubernetes namespace's name.
-# Names like dkube, monitoring, kubeflow are restricted.
-username: ""
-password: ""
-
-# dkube version
-version: "3.2.0.1"
-
-# Choose one of dkube/gke/okd/eks/ntnx/tanzu kube provider
-provider: "dkube"
-
-# For ha deployment, k8s cluster must have min 3 schedulable nodes
-ha: false
-
-# Wipe dkube data during helm operation install/uninstall.
-# Choose one of yes/no
-wipedata: ""
-
-# To install minimal version of dkube
-# Accepted values: yes/no
-minimal: "no"
-
-# To install air-gapped version of dkube
-# Accepted values: yes/no
-airgap: "no"
-
-# Docker registry for DKube installation
-registry:
- # Format: registry/[repo]
- name: "docker.io/ocdr"
-
- # Container registry username
- username: ""
-
- # Container registry password
- password: ""
-
-optional:
- storage:
- # Type of storage
- # Possible values: disk, pv, sc, nfs, ceph
- # Following are required fields for corresponding storage type
- # -------------------------------------------------------
- # STORAGE_TYPE REQUIRED_FIELDS
- # -------------------------------------------------------
- # disk node and path
- # pv persistentVolume
- # sc storageClass
- # nfs nfsServer and nfsPath
- # ceph cephMonitors and cephSecret
- # For release 2.2.1.12 and later
- # ceph cephFilesystem and cephNamespace
- type: "disk"
-
- # Localpath on the storage node
- path: "/var/dkube"
-
- # Nodename of the storage node
- # Possible values: AUTO/
- # AUTO - Master node will be chosen for storage if KUBE_PROVIDER=dkube
- node: ""
-
- # Name of persistent volume
- persistentVolume: ""
-
- # Name of storage class name
- # Make sure dynamic provisioner is running for the storage class name
- storageClass: ""
-
- # NFS server ip
- nfsServer: ""
-
- # NFS path (Make sure the path exists)
- nfsPath: ""
-
- # Only for external ceph before release 2.2.1.12
- # Comma separated IPs of ceph monitors
- cephMonitors: ""
-
- # Only for external ceph before release 2.2.1.12
- # Ceph secret
- cephSecret: ""
-
- # Only for external ceph from release 2.2.1.12
- # Name of the ceph filesystem
- # E.g: dkubefs
- cephFilesystem: ""
-
- # Only for external ceph from release 2.2.1.12
- # Name of the namespace where ceph is installed
- # E.g: rook-ceph
- cephNamespace: ""
-
- # Internal Ceph
- # Internal ceph is installed when HA=true and STORAGE_TYPE is not in ("nfs", "ceph")
-
- # Configuration path for internal ceph
- cephPath: "/var/lib/rook"
-
- # Only for internal ceph from release 2.2.1.12
- # Disk name for internal ceph storage
- # It should be a raw formatted disk
- # E.g: sdb
- cephDisk: ""
-
- loadbalancer:
- # Type of dkube proxy service, possible values are nodeport and loadbalancer
- # Please use loadbalancer if kubeProvider is gke.
- access: "nodeport"
-
- # 'true' - to install MetalLB Loadbalancer
- # Must fill LB_VIP_POOL if true
- metallb: "false"
-
- # Only CIDR notation is allowed. E.g: 192.168.2.0/24
- # Valid only if installLoadbalancer is true
- vipPool: ""
-
- modelmonitor:
- #To enable modelmonitor in dkube. (true / false)
- enabled: false
-
- DBAAS:
- # To configure external database for dkube
- # Supported mysql, sqlserver(mssql)
- # Empty will pickup default sql db installed with dkube
- database: ""
-
- # Syntaxes here can be followed to specify dsn https://gorm.io/docs/connecting_to_the_database.html
- dsn: ""
-
- CICD:
- #To enable tekton cicd with dkube. (true / false)
- enabled: false
-
- #Docker registry where CICD built images will be saved.
- registryName: "docker.io/ocdr"
- registryUsername: ""
- registryPassword: ""
-
- #For AWS ECR on EKS K8S cluster, enter registry as aws_account_id.dkr.ecr.region.amazonaws.com.
- #registryName: "aws_account_id.dkr.ecr.region.amazonaws.com"
- #Worker nodes should either have AmazonEC2ContainerRegistryFullAccess or if you are using KIAM
- #based IAM control, provide an IAM role which has AmazonEC2ContainerRegistryFullAccess
- #IAMRole: "arn:aws:iam:::role/"
- IAMRole: ""
-
- nodeAffinity:
- # Nodes identified by labels on which the dkube pods must be scheduled.. Say management nodes. Unfilled means no binding. When filled there needs to be minimum of 3nodes in case of HA and one node in case of non-HA
- # Example: DKUBE_NODES_LABEL: key1=value1
- dkubeNodesLabel: ""
-
- # Nodes to be tolerated by dkube control plane pods so that only they can be scheduled on the nodes
- # Example: DKUBE_NODES_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule
- dkubeNodesTaints: ""
-
- # Taints of the nodes where gpu workloads must be scheduled.
- # Example: GPU_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule
- gpuWorkloadTaints: ""
-
- # Taints of the nodes where production workloads must be scheduled.
- # Example: PRODUCTION_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule
- productionWorkloadTaints: ""
-
- # Dockerhub Secrets for OCDR images
- # If you don't create, this will be auto-created with default values.
- dkubeDockerhubCredentialsSecret: "dkube-dockerhub-secret"
-
- # AWS IAM role
- # Valid only if KUBE_PROVIDER=eks
- # This will be set as an annotation in few deployments
- # Format should be like:
- # IAMRole: ": "
- # eg: IAMRole: "iam.amazonaws.com/role: arn:aws:iam::123456789012:role/myrole"
- IAMRole: ""
-
diff --git a/charts/tetrate-istio/istiod-tid/Chart.yaml b/charts/tetrate-istio/istiod-tid/Chart.yaml
deleted file mode 100644
index e55413199..000000000
--- a/charts/tetrate-istio/istiod-tid/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: Tetrate Istio Distro
- catalog.cattle.io/namespace: istio-system
- catalog.cattle.io/release-name: istiod-tid
- catalog.cattle.io/upstream-version: 1.12.6
-apiVersion: v1
-appVersion: 1.12.6
-description: Tetrate Istio Distro Istiod is simple, safe enterprise-grade Service
- Mesh.
-home: https://istio.tetratelabs.io
-icon: https://istio.tetratelabs.io/images/getistio-favicon.png
-keywords:
-- istio
-- istiod
-- istio-discovery
-- tid
-- tetrate
-- distribution
-- networking
-- infrastructure
-kubeVersion: '>= 1.19.0-0 < 1.23.0-0'
-maintainers:
-- email: tetrate@tetrate.io
- name: tetrate
-name: istiod-tid
-version: 1.12.600
diff --git a/charts/tetrate-istio/istiod-tid/app-readme.md b/charts/tetrate-istio/istiod-tid/app-readme.md
deleted file mode 100644
index a55a2b851..000000000
--- a/charts/tetrate-istio/istiod-tid/app-readme.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# Tetrate Istio Distro Istiod module
-
-[Tetrate Istio Distro](https://istio.tetratelabs.io/) is simple, safe enterprise-grade Istio distro.
-
-## Installing the Chart
-
-Istio-base is being installed as part of this Chart, no need to separately deploy CRDs as they are installed in the cluster in the form of dependancy.
-
-Please specify the correct version during next step. The full list is available at: https://istio.tetratelabs.io/download
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/Chart.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/Chart.yaml
deleted file mode 100644
index 837175dbd..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/Chart.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-appVersion: 1.12.6
-description: Helm chart for deploying Istio cluster resources and CRDs
-icon: https://istio.io/latest/favicons/android-192x192.png
-keywords:
-- istio
-name: tid-base
-version: 1.12.6
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-all.gen.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-all.gen.yaml
deleted file mode 100644
index c2999ea16..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-all.gen.yaml
+++ /dev/null
@@ -1,5941 +0,0 @@ -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: wasmplugins.extensions.istio.io -spec: - group: extensions.istio.io - names: - categories: - - istio-io - - extensions-istio-io - kind: WasmPlugin - listKind: WasmPluginList - plural: wasmplugins - singular: wasmplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Extend the functionality provided by the Istio proxy through - WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' - properties: - imagePullPolicy: - description: The pull behaviour to be applied when fetching an OCI - image. - enum: - - UNSPECIFIED_POLICY - - IfNotPresent - - Always - type: string - imagePullSecret: - description: Credentials to use for OCI image pulling. - type: string - phase: - description: Determines where in the filter chain this `WasmPlugin` - is to be injected. - enum: - - UNSPECIFIED_PHASE - - AUTHN - - AUTHZ - - STATS - type: string - pluginConfig: - description: The configuration that will be passed on to the plugin. 
- type: object - x-kubernetes-preserve-unknown-fields: true - pluginName: - type: string - priority: - description: Determines ordering of `WasmPlugins` in the same `phase`. - nullable: true - type: integer - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - sha256: - description: SHA256 checksum that will be used to verify Wasm module - or OCI container. - type: string - url: - description: URL of a Wasm module or OCI container. - type: string - verificationKey: - type: string - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. 
See - more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - - EXTENSION_CONFIG - - BOOTSTRAP - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - type: string - portNumber: - description: The service port for which this cluster - was generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - type: string - subset: - description: The subset associated with the service. - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - type: string - destinationPort: - description: The destination_port value used by - a filter chain's match condition. - type: integer - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - type: string - subFilter: - properties: - name: - description: The filter name to match on. 
- type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - type: string - transportProtocol: - description: Applies only to `SIDECAR_INBOUND` context. - type: string - type: object - name: - description: Match a specific listener by its name. - type: string - portName: - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - type: string - type: object - proxyVersion: - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - type: string - name: - description: Route configuration name to match on. - type: string - portName: - description: Applicable only for GATEWAY context. - type: string - portNumber: - type: integer - vhost: - properties: - name: - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - filterClass: - description: Determines the filter insertion order. - enum: - - UNSPECIFIED - - AUTHN - - AUTHZ - - STATS - type: string - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - - REPLACE - type: string - value: - description: The JSON config of the object being patched. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: array - priority: - description: Priority defines the order in which patch sets are applied - within a context. - format: int32 - type: integer - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. 
- items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. 
See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - 
description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. - items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. 
- type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. 
- items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. 
- items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. 
- properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadEntry - listKind: WorkloadEntryList - plural: workloadentries - shortNames: - - we - singular: workloadentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. 
- type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadgroups.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadGroup - listKind: WorkloadGroupList - plural: workloadgroups - shortNames: - - wg - singular: workloadgroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Describes a collection of workload instances. See more details - at: https://istio.io/docs/reference/config/networking/workload-group.html' - properties: - metadata: - description: Metadata that will be used for all corresponding `WorkloadEntries`. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - probe: - description: '`ReadinessProbe` describes the configuration the user - must provide for healthchecking on their workload.' 
- oneOf: - - not: - anyOf: - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - properties: - exec: - description: Health is determined by how the command that is executed - exited. - properties: - command: - description: Command to run. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. - format: int32 - type: integer - httpGet: - properties: - host: - description: Host name to connect to, defaults to the pod - IP. - type: string - httpHeaders: - description: Headers the proxy will pass on to make the request. - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - description: Port on which the endpoint lives. - type: integer - scheme: - type: string - type: object - initialDelaySeconds: - description: Number of seconds after the container has started - before readiness probes are initiated. - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. - format: int32 - type: integer - tcpSocket: - description: Health is determined by if the proxy is able to connect. - properties: - host: - type: string - port: - type: integer - type: object - timeoutSeconds: - description: Number of seconds after which the probe times out. - format: int32 - type: integer - type: object - template: - description: Template to be used for the generation of `WorkloadEntry` - resources that belong to this `WorkloadGroup`. 
- properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more - details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - oneOf: - - not: - anyOf: - - required: - - provider - - required: - - provider - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - - AUDIT - - CUSTOM - type: string - provider: - description: Specifies detailed configuration of the CUSTOM action. - properties: - name: - description: Specifies the name of the extension provider. - type: string - type: object - rules: - description: Optional. - items: - properties: - from: - description: Optional. 
- items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - type: string - type: array - namespaces: - description: Optional. - items: - type: string - type: array - notIpBlocks: - description: Optional. - items: - type: string - type: array - notNamespaces: - description: Optional. - items: - type: string - type: array - notPrincipals: - description: Optional. - items: - type: string - type: array - notRemoteIpBlocks: - description: Optional. - items: - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - type: string - type: array - principals: - description: Optional. - items: - type: string - type: array - remoteIpBlocks: - description: Optional. - items: - type: string - type: array - requestPrincipals: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - type: string - type: array - methods: - description: Optional. - items: - type: string - type: array - notHosts: - description: Optional. - items: - type: string - type: array - notMethods: - description: Optional. - items: - type: string - type: array - notPaths: - description: Optional. - items: - type: string - type: array - notPorts: - description: Optional. - items: - type: string - type: array - paths: - description: Optional. - items: - type: string - type: array - ports: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - type: string - notValues: - description: Optional. - items: - type: string - type: array - values: - description: Optional. 
- items: - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - shortNames: - - pa - singular: peerauthentication - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Defines the mTLS mode used for peer authentication. - jsonPath: .spec.mtls.mode - name: Mode - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or - not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. 
- enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication - on. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - shortNames: - - ra - singular: requestauthentication - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication - methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the - selected workloads' proxy. - items: - properties: - audiences: - items: - type: string - type: array - forwardOriginalToken: - description: If set to true, the original token will be kept - for the upstream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. 
- type: string - prefix: - description: The prefix that should be stripped before - decoding the token. - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - type: string - jwks_uri: - type: string - jwksUri: - type: string - outputPayloadToHeader: - type: string - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: telemetry - release: istio - name: telemetries.telemetry.istio.io -spec: - group: telemetry.istio.io - names: - categories: - - istio-io - - telemetry-istio-io - kind: Telemetry - listKind: TelemetryList - plural: telemetries - shortNames: - - telemetry - singular: telemetry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Telemetry configuration for workloads. See more details - at: https://istio.io/docs/reference/config/telemetry.html' - properties: - accessLogging: - description: Optional. - items: - properties: - disabled: - description: Controls logging. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - metrics: - description: Optional. - items: - properties: - overrides: - description: Optional. - items: - properties: - disabled: - description: Optional. - nullable: true - type: boolean - match: - description: Match allows provides the scope of the override. - oneOf: - - not: - anyOf: - - required: - - metric - - required: - - customMetric - - required: - - metric - - required: - - customMetric - properties: - customMetric: - description: Allows free-form specification of a metric. - type: string - metric: - description: One of the well-known Istio Standard - Metrics. - enum: - - ALL_METRICS - - REQUEST_COUNT - - REQUEST_DURATION - - REQUEST_SIZE - - RESPONSE_SIZE - - TCP_OPENED_CONNECTIONS - - TCP_CLOSED_CONNECTIONS - - TCP_SENT_BYTES - - TCP_RECEIVED_BYTES - - GRPC_REQUEST_MESSAGES - - GRPC_RESPONSE_MESSAGES - type: string - mode: - description: 'Controls which mode of metrics generation - is selected: CLIENT and/or SERVER.' - enum: - - CLIENT_AND_SERVER - - CLIENT - - SERVER - type: string - type: object - tagOverrides: - additionalProperties: - properties: - operation: - description: Operation controls whether or not to - update/add a tag, or to remove it. - enum: - - UPSERT - - REMOVE - type: string - value: - description: Value is only considered if the operation - is `UPSERT`. 
- type: string - type: object - description: Optional. - type: object - type: object - type: array - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - tracing: - description: Optional. - items: - properties: - customTags: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - literal - - required: - - environment - - required: - - header - - required: - - literal - - required: - - environment - - required: - - header - properties: - environment: - description: Environment adds the value of an environment - variable to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the environment variable from - which to extract the tag value. - type: string - type: object - header: - description: RequestHeader adds the value of an header - from the request to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the header from which to extract - the tag value. - type: string - type: object - literal: - description: Literal adds the same, hard-coded value to - each span. - properties: - value: - description: The tag value to use. - type: string - type: object - type: object - description: Optional. - type: object - disableSpanReporting: - description: Controls span reporting. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - randomSamplingPercentage: - nullable: true - type: number - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- 
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-operator.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-operator.yaml
deleted file mode 100644
index 2a80f4186..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/crds/crd-operator.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-# SYNC WITH manifests/charts/istio-operator/templates
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: istiooperators.install.istio.io
- labels:
- release: istio
-spec:
- conversion:
- strategy: None
- group: install.istio.io
- names:
- kind: IstioOperator
- listKind: IstioOperatorList
- plural: istiooperators
- singular: istiooperator
- shortNames:
- - iop
- - io
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Istio control plane revision
- jsonPath: .spec.revision
- name: Revision
- type: string
- - description: IOP current state
- jsonPath: .status.status
- name: Status
- type: string
- - description: 'CreationTimestamp is a timestamp representing the server time
- when this object was created. It is not guaranteed to be set in happens-before
- order across separate operations. Clients may not set this value. It is represented
- in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
- lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- subresources:
- status: {}
- name: v1alpha1
- schema:
- openAPIV3Schema:
- type: object
- x-kubernetes-preserve-unknown-fields: true
- served: true
- storage: true
----
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/files/gen-istio-cluster.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/files/gen-istio-cluster.yaml
deleted file mode 100644
index da4025a7d..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/files/gen-istio-cluster.yaml
+++ /dev/null
@@ -1,6301 +0,0 @@ ---- -# Source: crds/crd-all.gen.yaml -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: wasmplugins.extensions.istio.io -spec: - group: extensions.istio.io - names: - categories: - - istio-io - - extensions-istio-io - kind: WasmPlugin - listKind: WasmPluginList - plural: wasmplugins - singular: wasmplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Extend the functionality provided by the Istio proxy through - WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' - properties: - imagePullPolicy: - description: The pull behaviour to be applied when fetching an OCI - image. - enum: - - UNSPECIFIED_POLICY - - IfNotPresent - - Always - type: string - imagePullSecret: - description: Credentials to use for OCI image pulling. - type: string - phase: - description: Determines where in the filter chain this `WasmPlugin` - is to be injected. - enum: - - UNSPECIFIED_PHASE - - AUTHN - - AUTHZ - - STATS - type: string - pluginConfig: - description: The configuration that will be passed on to the plugin. 
- type: object - x-kubernetes-preserve-unknown-fields: true - pluginName: - type: string - priority: - description: Determines ordering of `WasmPlugins` in the same `phase`. - nullable: true - type: integer - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - sha256: - description: SHA256 checksum that will be used to verify Wasm module - or OCI container. - type: string - url: - description: URL of a Wasm module or OCI container. - type: string - verificationKey: - type: string - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. 
See - more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - - EXTENSION_CONFIG - - BOOTSTRAP - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - type: string - portNumber: - description: The service port for which this cluster - was generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - type: string - subset: - description: The subset associated with the service. - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - type: string - destinationPort: - description: The destination_port value used by - a filter chain's match condition. - type: integer - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - type: string - subFilter: - properties: - name: - description: The filter name to match on. 
- type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - type: string - transportProtocol: - description: Applies only to `SIDECAR_INBOUND` context. - type: string - type: object - name: - description: Match a specific listener by its name. - type: string - portName: - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - type: string - type: object - proxyVersion: - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - type: string - name: - description: Route configuration name to match on. - type: string - portName: - description: Applicable only for GATEWAY context. - type: string - portNumber: - type: integer - vhost: - properties: - name: - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - filterClass: - description: Determines the filter insertion order. - enum: - - UNSPECIFIED - - AUTHN - - AUTHZ - - STATS - type: string - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - - REPLACE - type: string - value: - description: The JSON config of the object being patched. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: array - priority: - description: Priority defines the order in which patch sets are applied - within a context. - format: int32 - type: integer - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. 
- items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. 
See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - 
description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. - items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. 
- type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. 
- items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. 
- items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. 
- properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadEntry - listKind: WorkloadEntryList - plural: workloadentries - shortNames: - - we - singular: workloadentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. 
- type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadgroups.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadGroup - listKind: WorkloadGroupList - plural: workloadgroups - shortNames: - - wg - singular: workloadgroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Describes a collection of workload instances. See more details - at: https://istio.io/docs/reference/config/networking/workload-group.html' - properties: - metadata: - description: Metadata that will be used for all corresponding `WorkloadEntries`. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - probe: - description: '`ReadinessProbe` describes the configuration the user - must provide for healthchecking on their workload.' 
- oneOf: - - not: - anyOf: - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - properties: - exec: - description: Health is determined by how the command that is executed - exited. - properties: - command: - description: Command to run. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. - format: int32 - type: integer - httpGet: - properties: - host: - description: Host name to connect to, defaults to the pod - IP. - type: string - httpHeaders: - description: Headers the proxy will pass on to make the request. - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - description: Port on which the endpoint lives. - type: integer - scheme: - type: string - type: object - initialDelaySeconds: - description: Number of seconds after the container has started - before readiness probes are initiated. - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. - format: int32 - type: integer - tcpSocket: - description: Health is determined by if the proxy is able to connect. - properties: - host: - type: string - port: - type: integer - type: object - timeoutSeconds: - description: Number of seconds after which the probe times out. - format: int32 - type: integer - type: object - template: - description: Template to be used for the generation of `WorkloadEntry` - resources that belong to this `WorkloadGroup`. 
- properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more - details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - oneOf: - - not: - anyOf: - - required: - - provider - - required: - - provider - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - - AUDIT - - CUSTOM - type: string - provider: - description: Specifies detailed configuration of the CUSTOM action. - properties: - name: - description: Specifies the name of the extension provider. - type: string - type: object - rules: - description: Optional. - items: - properties: - from: - description: Optional. 
- items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - type: string - type: array - namespaces: - description: Optional. - items: - type: string - type: array - notIpBlocks: - description: Optional. - items: - type: string - type: array - notNamespaces: - description: Optional. - items: - type: string - type: array - notPrincipals: - description: Optional. - items: - type: string - type: array - notRemoteIpBlocks: - description: Optional. - items: - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - type: string - type: array - principals: - description: Optional. - items: - type: string - type: array - remoteIpBlocks: - description: Optional. - items: - type: string - type: array - requestPrincipals: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - type: string - type: array - methods: - description: Optional. - items: - type: string - type: array - notHosts: - description: Optional. - items: - type: string - type: array - notMethods: - description: Optional. - items: - type: string - type: array - notPaths: - description: Optional. - items: - type: string - type: array - notPorts: - description: Optional. - items: - type: string - type: array - paths: - description: Optional. - items: - type: string - type: array - ports: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - type: string - notValues: - description: Optional. - items: - type: string - type: array - values: - description: Optional. 
- items: - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - shortNames: - - pa - singular: peerauthentication - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Defines the mTLS mode used for peer authentication. - jsonPath: .spec.mtls.mode - name: Mode - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or - not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. 
- enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication - on. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - shortNames: - - ra - singular: requestauthentication - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication - methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the - selected workloads' proxy. - items: - properties: - audiences: - items: - type: string - type: array - forwardOriginalToken: - description: If set to true, the original token will be kept - for the upstream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. 
- type: string - prefix: - description: The prefix that should be stripped before - decoding the token. - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - type: string - jwks_uri: - type: string - jwksUri: - type: string - outputPayloadToHeader: - type: string - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: telemetry - release: istio - name: telemetries.telemetry.istio.io -spec: - group: telemetry.istio.io - names: - categories: - - istio-io - - telemetry-istio-io - kind: Telemetry - listKind: TelemetryList - plural: telemetries - shortNames: - - telemetry - singular: telemetry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Telemetry configuration for workloads. See more details - at: https://istio.io/docs/reference/config/telemetry.html' - properties: - accessLogging: - description: Optional. - items: - properties: - disabled: - description: Controls logging. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - metrics: - description: Optional. - items: - properties: - overrides: - description: Optional. - items: - properties: - disabled: - description: Optional. - nullable: true - type: boolean - match: - description: Match allows provides the scope of the override. - oneOf: - - not: - anyOf: - - required: - - metric - - required: - - customMetric - - required: - - metric - - required: - - customMetric - properties: - customMetric: - description: Allows free-form specification of a metric. - type: string - metric: - description: One of the well-known Istio Standard - Metrics. - enum: - - ALL_METRICS - - REQUEST_COUNT - - REQUEST_DURATION - - REQUEST_SIZE - - RESPONSE_SIZE - - TCP_OPENED_CONNECTIONS - - TCP_CLOSED_CONNECTIONS - - TCP_SENT_BYTES - - TCP_RECEIVED_BYTES - - GRPC_REQUEST_MESSAGES - - GRPC_RESPONSE_MESSAGES - type: string - mode: - description: 'Controls which mode of metrics generation - is selected: CLIENT and/or SERVER.' - enum: - - CLIENT_AND_SERVER - - CLIENT - - SERVER - type: string - type: object - tagOverrides: - additionalProperties: - properties: - operation: - description: Operation controls whether or not to - update/add a tag, or to remove it. - enum: - - UPSERT - - REMOVE - type: string - value: - description: Value is only considered if the operation - is `UPSERT`. 
- type: string - type: object - description: Optional. - type: object - type: object - type: array - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - tracing: - description: Optional. - items: - properties: - customTags: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - literal - - required: - - environment - - required: - - header - - required: - - literal - - required: - - environment - - required: - - header - properties: - environment: - description: Environment adds the value of an environment - variable to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the environment variable from - which to extract the tag value. - type: string - type: object - header: - description: RequestHeader adds the value of an header - from the request to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the header from which to extract - the tag value. - type: string - type: object - literal: - description: Literal adds the same, hard-coded value to - each span. - properties: - value: - description: The tag value to use. - type: string - type: object - type: object - description: Optional. - type: object - disableSpanReporting: - description: Controls span reporting. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. 
- type: string - type: object - type: array - randomSamplingPercentage: - nullable: true - type: number - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- - ---- -# Source: crds/crd-operator.yaml -# SYNC WITH manifests/charts/istio-operator/templates -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: istiooperators.install.istio.io - labels: - release: istio -spec: - conversion: - strategy: None - group: install.istio.io - names: - kind: IstioOperator - listKind: IstioOperatorList - plural: istiooperators - singular: istiooperator - shortNames: - - iop - - io - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Istio control plane revision - jsonPath: .spec.revision - name: Revision - type: string - - description: IOP current state - jsonPath: .status.status - name: Status - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true ---- - ---- -# Source: base/templates/reader-serviceaccount.yaml -# This service account aggregates reader permissions for the revisions in a given cluster -# Should be used for remote secret creation. 
-apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-reader-service-account - namespace: istio-system - labels: - app: istio-reader - release: istio ---- -# Source: base/templates/serviceaccount.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! -# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istiod-service-account - namespace: istio-system - labels: - app: istiod - release: istio ---- -# Source: base/templates/clusterrole.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! -# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", 
"patch", "create", "delete" ] - resources: [ "workloadentries/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - # ingress controller - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: - - "kubernetes.io/legacy-unknown" - verbs: ["approve"] - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] # TODO: should be on just */status but wildcard is not supported - verbs: ["update"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: 
["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: ["get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -# Source: base/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-istio-system - labels: - app: istio-reader - release: istio -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: ["get", "watch", "list"] - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -# Source: base/templates/clusterrolebinding.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! 
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-istio-system - labels: - app: istio-reader - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-istio-system -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: istio-system ---- -# Source: base/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-istio-system -subjects: - - kind: ServiceAccount - name: istiod-service-account - namespace: istio-system ---- -# Source: base/templates/role.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! -# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod-istio-system - namespace: istio-system - labels: - app: istiod - release: istio -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] ---- -# Source: base/templates/rolebinding.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! 
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod-istio-system - namespace: istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod-istio-system -subjects: - - kind: ServiceAccount - name: istiod-service-account - namespace: istio-system ---- -# Source: base/templates/default.yaml -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: istio - istio: istiod - istio.io/rev: default -webhooks: - - name: validation.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/validate" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - apiVersions: - - "*" - resources: - - "*" - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None - admissionReviewVersions: ["v1beta1", "v1"] diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/kustomization.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/kustomization.yaml deleted file mode 100644 index dbde62f0a..000000000 --- a/charts/tetrate-istio/istiod-tid/charts/tid-base/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - files/gen-istio-cluster.yaml diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/NOTES.txt b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/NOTES.txt deleted file mode 100644 index 006450167..000000000 
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/NOTES.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Istio base successfully installed!
-
-To learn more about the release, try:
- $ helm status {{ .Release.Name }}
- $ helm get all {{ .Release.Name }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrole.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrole.yaml
deleted file mode 100644
index ef3300348..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrole.yaml
+++ /dev/null
@@ -1,178 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-rules:
- # sidecar injection controller
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update", "patch"]
-
- # configuration validation webhook controller
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-
- # istio configuration
- # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
- # please proceed with caution
- - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io"]
- verbs: ["get", "watch", "list"]
- resources: ["*"]
-{{- if .Values.global.istiod.enableAnalysis }}
- - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io"]
- verbs: ["update"]
- # TODO: should be on just */status but wildcard is not supported
- resources: ["*"]
-{{- end }}
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
- resources: [ "workloadentries" ]
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
- resources: [ "workloadentries/status" ]
-
- # auto-detect installed CRD definitions
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-
- # discovery and
routing
- - apiGroups: [""]
- resources: ["pods", "nodes", "services", "namespaces", "endpoints"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
-
- # ingress controller
-{{- if .Values.global.istiod.enableAnalysis }}
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses/status"]
- verbs: ["*"]
-{{- end}}
- - apiGroups: ["networking.k8s.io"]
- resources: ["ingresses", "ingressclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["networking.k8s.io"]
- resources: ["ingresses/status"]
- verbs: ["*"]
-
- # required for CA's namespace controller
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-
- # Istiod and bootstrap.
- - apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete", "watch"]
- - apiGroups: ["certificates.k8s.io"]
- resources:
- - "signers"
- resourceNames:
- - "kubernetes.io/legacy-unknown"
- verbs: ["approve"]
-
- # Used by Istiod to verify the JWT tokens
- - apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
-
- # Used by Istiod to verify gateway SDS
- - apiGroups: ["authorization.k8s.io"]
- resources: ["subjectaccessreviews"]
- verbs: ["create"]
-
- # Use for Kubernetes Service APIs
- - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
- - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
- resources: ["*"] # TODO: should be on just */status but wildcard is not supported
- verbs: ["update"]
-
- # Needed for multicluster secret reading, possibly ingress certs in the future
- - apiGroups: [""]
- resources:
["secrets"]
- verbs: ["get", "watch", "list"]
-
- # Used for MCS serviceexport management
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceexports"]
- verbs: ["get", "watch", "list", "create", "delete"]
-
- # Used for MCS serviceimport management
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceimports"]
- verbs: ["get", "watch", "list"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-reader-{{ .Values.global.istioNamespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
-rules:
- - apiGroups:
- - "config.istio.io"
- - "security.istio.io"
- - "networking.istio.io"
- - "authentication.istio.io"
- - "rbac.istio.io"
- resources: ["*"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list" ]
- resources: [ "workloadentries" ]
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
- - apiGroups: ["authorization.k8s.io"]
- resources: ["subjectaccessreviews"]
- verbs: ["create"]
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceexports"]
- verbs: ["get", "watch", "list"]
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceimports"]
- verbs: ["get", "watch", "list"]
-{{- if or .Values.global.externalIstiod }}
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get",
"list", "watch", "update", "patch"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-{{- end}}
----
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrolebinding.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrolebinding.yaml
deleted file mode 100644
index d61729b29..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader-{{ .Values.global.istioNamespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader-{{ .Values.global.istioNamespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Values.global.istioNamespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiod-{{ .Values.global.istioNamespace }}
-subjects:
- - kind: ServiceAccount
- name: istiod-service-account
- namespace: {{ .Values.global.istioNamespace }}
----
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/crds.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/crds.yaml
deleted file mode 100644
index 871ee2a6b..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/crds.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- if .Values.base.enableCRDTemplates }}
-{{ .Files.Get "crds/crd-all.gen.yaml" }}
-{{ .Files.Get "crds/crd-operator.yaml" }}
-{{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/default.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/default.yaml
deleted file mode 100644
index 9e85a3bad..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/default.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if not (eq .Values.defaultRevision "") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: istiod-default-validator
- labels:
- app: istiod
- release: {{ .Release.Name }}
- istio: istiod
- istio.io/rev: {{ .Values.defaultRevision }}
-webhooks:
- - name: validation.istio.io
- clientConfig:
- {{- if .Values.base.validationURL }}
- url: {{ .Values.base.validationURL }}
- {{- else }}
- service:
- {{- if (eq .Values.defaultRevision "default") }}
- name: istiod
- {{- else }}
- name: istiod-{{ .Values.defaultRevision }}
- {{- end }}
- namespace: {{ .Values.global.istioNamespace }}
- path: "/validate"
- {{- end }}
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - security.istio.io
- - networking.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- # Fail open until the validation webhook is ready. The webhook controller
- # will update this to `Fail` and patch in the `caBundle` when the webhook
- # endpoint is ready.
- failurePolicy: Ignore
- sideEffects: None
- admissionReviewVersions: ["v1beta1", "v1"]
-{{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/endpoints.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/endpoints.yaml
deleted file mode 100644
index 996152bb0..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/endpoints.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
- {{- if not .Values.global.externalIstiod }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istiod-remote
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- {{- else if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istiod
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- {{- end }}
----
-{{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/reader-serviceaccount.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/reader-serviceaccount.yaml
deleted file mode 100644
index d9ce18c27..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/reader-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# This service account aggregates reader permissions for the revisions in a given cluster
-# Should be used for remote secret creation.
-apiVersion: v1
-kind: ServiceAccount
- {{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
- {{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-metadata:
- name: istio-reader-service-account
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/role.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/role.yaml
deleted file mode 100644
index ca1a4243f..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-rules:
-# permissions to verify the webhook is ready and rejecting
-# invalid config. We use --server-dry-run so no config is persisted.
-- apiGroups: ["networking.istio.io"]
- verbs: ["create"]
- resources: ["gateways"]
-
-# For storing CA secret
-- apiGroups: [""]
- resources: ["secrets"]
- # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
- verbs: ["create", "get", "watch", "list", "update", "delete"]
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/rolebinding.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/rolebinding.yaml
deleted file mode 100644
index 2b591fb89..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: istiod-{{ .Values.global.istioNamespace }}
-subjects:
- - kind: ServiceAccount
- name: istiod-service-account
- namespace: {{ .Values.global.istioNamespace }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/serviceaccount.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/serviceaccount.yaml
deleted file mode 100644
index ec25fd250..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: v1
-kind: ServiceAccount
- {{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
- {{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-metadata:
- name: istiod-service-account
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/services.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/services.yaml
deleted file mode 100644
index 606fd4459..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/templates/services.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
- {{- if not .Values.global.externalIstiod }}
-# when istiod is enabled in remote cluster, we can't use istiod service name
-apiVersion: v1
-kind: Service
-metadata:
- name: istiod-remote
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- clusterIP: None
- {{- else }}
-# when istiod isn't enabled in remote cluster, we can use istiod service name
-apiVersion: v1
-kind: Service
-metadata:
- name: istiod
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- # if the remotePilotAddress is IP addr, we use clusterIP: None.
- # else, we use externalName
- {{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }}
- clusterIP: None
- {{- else }}
- type: ExternalName
- externalName: {{ .Values.global.remotePilotAddress }}
- {{- end }}
- {{- end }}
----
-{{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/charts/tid-base/values.yaml b/charts/tetrate-istio/istiod-tid/charts/tid-base/values.yaml
deleted file mode 100644
index 96a74562e..000000000
--- a/charts/tetrate-istio/istiod-tid/charts/tid-base/values.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-global:
-
- # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace
- # to use for pulling any images in pods that reference this ServiceAccount.
- # Must be set for any cluster configured with private docker registry.
- imagePullSecrets: []
-
- # Used to locate istiod.
- istioNamespace: istio-system
-
- istiod:
- enableAnalysis: false
-
- configValidation: true
- externalIstiod: false
- remotePilotAddress: ""
-
-base:
- # Used for helm2 to add the CRDs to templates.
- enableCRDTemplates: false
-
- # Validation webhook configuration url
- # For example: https://$remotePilotAddress:15017/validate
- validationURL: ""
-
- # For istioctl usage to disable istio config crds in base
- enableIstioConfigCRDs: true
-
-defaultRevision: "default"
diff --git a/charts/tetrate-istio/istiod-tid/files/gateway-injection-template.yaml b/charts/tetrate-istio/istiod-tid/files/gateway-injection-template.yaml
deleted file mode 100644
index 9ce002a5b..000000000
--- a/charts/tetrate-istio/istiod-tid/files/gateway-injection-template.yaml
+++ /dev/null
@@ -1,215 +0,0 @@
-{{- $containers := list }}
-{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}}
-metadata:
- labels:
- service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }}
- service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }}
- istio.io/rev: {{ .Revision | default "default" | quote }}
- annotations: {
- {{- if eq (len $containers) 1 }}
- kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}",
- kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}",
- {{ end }}
- }
-spec:
- containers:
- - name: istio-proxy
- {{- if contains "/" .Values.global.proxy.image }}
- image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
- {{- else }}
- image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
- {{- end }}
- ports:
- - containerPort: 15090
- protocol: TCP
- name: http-envoy-prom
- args:
- - proxy
- - router
- - --domain
- - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
- - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }}
- - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }}
- - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}
- {{- if .Values.global.sts.servicePort }}
- - --stsPort={{ .Values.global.sts.servicePort }}
- {{- end }}
- {{- if .Values.global.logAsJson }}
- - --log_as_json
- {{- end }}
- {{- if .Values.global.proxy.lifecycle }}
- lifecycle:
- {{ toYaml .Values.global.proxy.lifecycle | indent 6 }}
- {{- end }}
- env:
- - name: JWT_POLICY
- value: {{ .Values.global.jwtPolicy }}
- - name: PILOT_CERT_PROVIDER
- value: {{ .Values.global.pilotCertProvider }}
- - name: CA_ADDR
- {{- if .Values.global.caAddress }}
- value: {{ .Values.global.caAddress }}
- {{- else }}
- value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012
- {{- end }}
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: INSTANCE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SERVICE_ACCOUNT
- valueFrom:
- fieldRef:
- fieldPath: spec.serviceAccountName
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: PROXY_CONFIG
- value: |
- {{ protoToJSON .ProxyConfig }}
- - name: ISTIO_META_POD_PORTS
- value: |-
- [
- {{- $first := true }}
- {{- range $index1, $c := .Spec.Containers }}
- {{- range $index2, $p := $c.Ports }}
- {{- if (structToJSON $p) }}
- {{if not $first}},{{end}}{{ structToJSON $p }}
- {{- $first = false }}
- {{- end }}
- {{- end}}
- {{- end}}
- ]
- - name: ISTIO_META_APP_CONTAINERS
- value: "{{ $containers | join "," }}"
- - name: ISTIO_META_CLUSTER_ID
- value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}"
- - name: ISTIO_META_INTERCEPTION_MODE
- value: "{{ .ProxyConfig.InterceptionMode.String }}"
- {{- if .Values.global.network }}
- - name: ISTIO_META_NETWORK
- value: "{{ .Values.global.network }}"
- {{- end }}
- {{- if .DeploymentMeta.Name }}
- - name: ISTIO_META_WORKLOAD_NAME
- value: "{{ .DeploymentMeta.Name }}"
- {{ end }}
- {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}
- - name: ISTIO_META_OWNER
- value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}
- {{- end}}
- {{- if .Values.global.meshID }}
- - name: ISTIO_META_MESH_ID
- value: "{{ .Values.global.meshID }}"
- {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
- - name: ISTIO_META_MESH_ID
- value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}"
- {{- end }}
- {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
- - name: TRUST_DOMAIN
- value: "{{ . }}"
- {{- end }}
- {{- range $key, $value := .ProxyConfig.ProxyMetadata }}
- - name: {{ $key }}
- value: "{{ $value }}"
- {{- end }}
- {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}}
- readinessProbe:
- httpGet:
- path: /healthz/ready
- port: 15021
- initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }}
- periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }}
- timeoutSeconds: 3
- failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }}
- volumeMounts:
- {{- if eq .Values.global.caName "GkeWorkloadCertificate" }}
- - name: gke-workload-certificate
- mountPath: /var/run/secrets/workload-spiffe-credentials
- readOnly: true
- {{- end }}
- {{- if eq .Values.global.pilotCertProvider "istiod" }}
- - mountPath: /var/run/secrets/istio
- name: istiod-ca-cert
- {{- end }}
- - mountPath: /var/lib/istio/data
- name: istio-data
- # SDS channel between istioagent and Envoy
- - mountPath: /etc/istio/proxy
- name: istio-envoy
- {{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
- - mountPath: /var/run/secrets/tokens
- name: istio-token
- {{- end }}
- {{- if .Values.global.mountMtlsCerts }}
- # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.
- - mountPath: /etc/certs/
- name: istio-certs
- readOnly: true
- {{- end }}
- - name: istio-podinfo
- mountPath: /etc/istio/pod
- volumes:
- {{- if eq .Values.global.caName "GkeWorkloadCertificate" }}
- - name: gke-workload-certificate
- csi:
- driver: workloadcertificates.security.cloud.google.com
- {{- end }}
- # SDS channel between istioagent and Envoy
- - emptyDir:
- medium: Memory
- name: istio-envoy
- - name: istio-data
- emptyDir: {}
- - name: istio-podinfo
- downwardAPI:
- items:
- - path: "labels"
- fieldRef:
- fieldPath: metadata.labels
- - path: "annotations"
- fieldRef:
- fieldPath: metadata.annotations
- {{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
- - name: istio-token
- projected:
- sources:
- - serviceAccountToken:
- path: istio-token
- expirationSeconds: 43200
- audience: {{ .Values.global.sds.token.aud }}
- {{- end }}
- {{- if eq .Values.global.pilotCertProvider "istiod" }}
- - name: istiod-ca-cert
- configMap:
- name: istio-ca-root-cert
- {{- end }}
- {{- if .Values.global.mountMtlsCerts }}
- # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.
- - name: istio-certs
- secret:
- optional: true
- {{ if eq .Spec.ServiceAccountName "" }}
- secretName: istio.default
- {{ else -}}
- secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
- {{ end -}}
- {{- end }}
- {{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
- {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }}
- securityContext:
- fsGroup: 1337
- {{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/files/gen-istio.yaml b/charts/tetrate-istio/istiod-tid/files/gen-istio.yaml
deleted file mode 100644
index d8ca33b91..000000000
--- a/charts/tetrate-istio/istiod-tid/files/gen-istio.yaml
+++ /dev/null
@@ -1,2544 +0,0 @@ ---- -# Source: istiod/templates/poddisruptionbudget.yaml -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - release: istio - istio: pilot -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - istio: pilot ---- -# Source: istiod/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - release: istio ---- -# Source: istiod/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - release: istio -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - networks: {} - - mesh: |- - defaultConfig: - discoveryAddress: istiod.istio-system.svc:15012 - tracing: - zipkin: - address: zipkin.istio-system:9411 - enablePrometheusMerge: true - rootNamespace: istio-system - trustDomain: cluster.local ---- -# Source: istiod/templates/istiod-injector-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - release: istio -data: - - values: |- - { - "global": { - "caAddress": "", - "caName": "", - "configCluster": false, - "defaultPodDisruptionBudget": { - "enabled": true - }, - "defaultResources": { - "requests": { - "cpu": "10m" - } - }, - "externalIstiod": false, - "hub": "gcr.io/istio-testing", - "imagePullPolicy": "", - "imagePullSecrets": [], - "istioNamespace": "istio-system", - "istiod": { - "enableAnalysis": false - }, - "jwtPolicy": 
"third-party-jwt", - "logAsJson": false, - "logging": { - "level": "default:info" - }, - "meshID": "", - "meshNetworks": {}, - "mountMtlsCerts": false, - "multiCluster": { - "clusterName": "", - "enabled": false - }, - "network": "", - "omitSidecarInjectorConfigMap": false, - "oneNamespace": false, - "operatorManageWebhooks": false, - "pilotCertProvider": "istiod", - "priorityClassName": "", - "proxy": { - "autoInject": "enabled", - "clusterDomain": "cluster.local", - "componentLogLevel": "misc:error", - "enableCoreDump": false, - "excludeIPRanges": "", - "excludeInboundPorts": "", - "excludeOutboundPorts": "", - "holdApplicationUntilProxyStarts": false, - "image": "proxyv2", - "includeIPRanges": "*", - "includeInboundPorts": "*", - "includeOutboundPorts": "", - "logLevel": "warning", - "privileged": false, - "readinessFailureThreshold": 30, - "readinessInitialDelaySeconds": 1, - "readinessPeriodSeconds": 2, - "resources": { - "limits": { - "cpu": "2000m", - "memory": "1024Mi" - }, - "requests": { - "cpu": "100m", - "memory": "128Mi" - } - }, - "statusPort": 15020, - "tracer": "zipkin" - }, - "proxy_init": { - "image": "proxyv2", - "resources": { - "limits": { - "cpu": "2000m", - "memory": "1024Mi" - }, - "requests": { - "cpu": "10m", - "memory": "10Mi" - } - } - }, - "remotePilotAddress": "", - "sds": { - "token": { - "aud": "istio-ca" - } - }, - "sts": { - "servicePort": 0 - }, - "tag": "latest", - "tracer": { - "datadog": { - "address": "$(HOST_IP):8126" - }, - "lightstep": { - "accessToken": "", - "address": "" - }, - "stackdriver": { - "debug": false, - "maxNumberOfAnnotations": 200, - "maxNumberOfAttributes": 200, - "maxNumberOfMessageEvents": 200 - }, - "zipkin": { - "address": "" - } - }, - "useMCP": false - }, - "revision": "", - "sidecarInjectorWebhook": { - "alwaysInjectSelector": [], - "defaultTemplates": [], - "enableNamespacesByDefault": false, - "injectedAnnotations": {}, - "neverInjectSelector": [], - "objectSelector": { - "autoInject": true, - 
"enabled": true - }, - "rewriteAppHTTPProbe": true, - "templates": {} - } - } - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - defaultTemplates: [sidecar] - policy: enabled - alwaysInjectSelector: - [] - neverInjectSelector: - [] - injectedAnnotations: - template: "{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}" - templates: - sidecar: | - {{- $containers := list }} - {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} - metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - {{- if eq (len $containers) 1 }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{ end }} - {{- if .Values.istio_cni.enabled }} - {{- if not .Values.istio_cni.chained }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `istio-cni` }}', - {{- end }} - 
sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}traffic.sidecar.istio.io/includeInboundPorts: "{{.}}",{{ end }} - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{- end }} - } - spec: - {{- $holdProxy := or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts }} - initContainers: - {{ if ne 
(annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.istio_cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - "15006" - - "-u" - - "1337" - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` 
.Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` 
}}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} - {{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - - name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/data/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{ end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta 
`sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if gt .EstimatedConcurrency 0 }} - - --concurrency - - "{{ .EstimatedConcurrency }}" - {{- end -}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- end }} - env: - {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: 
status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - 
name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - fsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` 
.ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - fsGroup: 1337 - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - {{- end }} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations 
`sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - volumeMounts: - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. 
- - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. 
- - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} - securityContext: - fsGroup: 1337 - {{- end }} - gateway: | - {{- $containers := list }} - {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} - metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - istio.io/rev: {{ .Revision | default "default" | quote }} - annotations: { - {{- if eq (len $containers) 1 }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{ end }} - } - spec: - containers: - - name: istio-proxy - {{- 
if contains "/" .Values.global.proxy.image }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - env: - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ 
- {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . 
}}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. 
- - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
}} - {{- end }} - {{- end }} - {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} - securityContext: - fsGroup: 1337 - {{- end }} - grpc-simple: | - metadata: - sidecar.istio.io/rewriteAppHTTPProbers: "false" - spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} - grpc-agent: | - {{- $containers := list }} - {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} - metadata: - annotations: { - {{- if eq (len $containers) 1 }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - kubectl.kubernetes.io/default-container: "{{ 
index $containers 0 }}", - {{ end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } - spec: - containers: - {{- range $index, $container := .Spec.Containers }} - {{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- end }} - {{- end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" - {{- end }} - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - 
{{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain 
.Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: {{ .Values.global.proxy.statusPort }} - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations 
`sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - volumeMounts: - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - # UDS channel between istioagent and gRPC client for XDS/SDS - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - configMap: - name: 
istio-ca-root-cert - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} ---- -# Source: istiod/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole-istio-system - labels: - app: istiod - release: istio -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", 
"list", "watch"] - - # ingress controller - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: - - "kubernetes.io/legacy-unknown" - verbs: ["approve"] - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] # TODO: should be on just */status but wildcard is not supported - verbs: ["update", "patch"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -# Source: istiod/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole 
-metadata: - name: istiod-gateway-controller-istio-system - labels: - app: istiod - release: istio -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] ---- -# Source: istiod/templates/reader-clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole-istio-system - labels: - app: istio-reader - release: istio -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] ---- -# Source: istiod/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole-istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: 
rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole-istio-system -subjects: - - kind: ServiceAccount - name: istiod - namespace: istio-system ---- -# Source: istiod/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller-istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller-istio-system -subjects: -- kind: ServiceAccount - name: istiod - namespace: istio-system ---- -# Source: istiod/templates/reader-clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole-istio-system - labels: - app: istio-reader - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole-istio-system -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: istio-system ---- -# Source: istiod/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - release: istio -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. 
-- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] ---- -# Source: istiod/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod -subjects: - - kind: ServiceAccount - name: istiod - namespace: istio-system ---- -# Source: istiod/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: istiod - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: istio -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - # Label used by the 'default' service. For versioned deployments we match with app and version. 
- # This avoids default deployment picking the canary - istio: pilot ---- -# Source: istiod/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - istio: pilot - release: istio -spec: - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 25% - selector: - matchLabels: - istio: pilot - template: - metadata: - labels: - app: istiod - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - istio: pilot - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istiod - securityContext: - fsGroup: 1337 - containers: - - name: discovery - image: "gcr.io/istio-testing/pilot:latest" - args: - - "discovery" - - --monitoringAddr=:15014 - - --log_output_level=default:info - - --domain - - cluster.local - - --keepaliveMaxServerConnectionAge - - "30m" - ports: - - containerPort: 8080 - protocol: TCP - - containerPort: 15010 - protocol: TCP - - containerPort: 15017 - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "default" - - name: JWT_POLICY - value: third-party-jwt - - name: PILOT_CERT_PROVIDER - value: istiod - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - - name: PILOT_TRACE_SAMPLING - value: "1" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "true" - - 
name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "true" - - name: ISTIOD_ADDR - value: istiod.istio-system.svc:15012 - - name: PILOT_ENABLE_ANALYSIS - value: "false" - - name: CLUSTER_ID - value: "Kubernetes" - resources: - requests: - cpu: 500m - memory: 2048Mi - securityContext: - readOnlyRootFilesystem: true - runAsUser: 1337 - runAsGroup: 1337 - runAsNonRoot: true - capabilities: - drop: - - ALL - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true ---- -# Source: istiod/templates/autoscale.yaml -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" -spec: - maxReplicas: 5 - minReplicas: 1 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: 80 ---- -# Source: istiod/templates/revision-tags.yaml -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision ---- -# Source: 
istiod/templates/telemetryv2_1.10.yaml -# Note: http stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.10 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - 
- applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats ---- -# Source: istiod/templates/telemetryv2_1.10.yaml -# Note: tcp stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.10 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: tcp_stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - 
context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" ---- -# Source: istiod/templates/telemetryv2_1.11.yaml -# Note: http stats filter is wasm enabled only in sidecars. 
-apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.11 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.11.*' - listener: 
- filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats ---- -# Source: istiod/templates/telemetryv2_1.11.yaml -# Note: tcp stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.11 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: tcp_stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - 
name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" ---- -# Source: istiod/templates/telemetryv2_1.12.yaml -# Note: http stats filter is wasm enabled only in sidecars. 
-apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.12 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.12.*' - listener: 
- filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats ---- -# Source: istiod/templates/telemetryv2_1.12.yaml -# Note: tcp stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.12 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: tcp_stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - 
name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio" - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" ---- -# Source: istiod/templates/mutatingwebhook.yaml -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: istio -webhooks: -- name: rev.namespace.sidecar-injector.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/inject" - port: 443 - caBundle: "" - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] - namespaceSelector: - 
matchExpressions: - - key: istio.io/rev - operator: In - values: - - "default" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -- name: rev.object.sidecar-injector.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/inject" - port: 443 - caBundle: "" - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "default" -- name: namespace.sidecar-injector.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/inject" - port: 443 - caBundle: "" - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -- name: object.sidecar-injector.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/inject" - port: 443 - caBundle: "" - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: 
sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist diff --git a/charts/tetrate-istio/istiod-tid/files/grpc-agent.yaml b/charts/tetrate-istio/istiod-tid/files/grpc-agent.yaml deleted file mode 100644 index 547e03e0c..000000000 --- a/charts/tetrate-istio/istiod-tid/files/grpc-agent.yaml +++ /dev/null 
@@ -1,233 +0,0 @@
-{{- $containers := list }}
-{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}}
-metadata:
- annotations: {
- {{- if eq (len $containers) 1 }}
- kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}",
- kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}",
- {{ end }}
- sidecar.istio.io/rewriteAppHTTPProbers: "false",
- }
-spec:
- containers:
- {{- range $index, $container := .Spec.Containers }}
- {{ if not (eq $container.Name "istio-proxy") }}
- - name: {{ $container.Name }}
- env:
- - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"
- value: "true"
- - name: "GRPC_XDS_BOOTSTRAP"
- value: "/etc/istio/proxy/grpc-bootstrap.json"
- volumeMounts:
- - mountPath: /var/lib/istio/data
- name: istio-data
- # UDS channel between istioagent and gRPC client for XDS/SDS
- - mountPath: /etc/istio/proxy
- name: istio-xds
- {{- end }}
- {{- end }}
- - name: istio-proxy
- {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}
- image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
- {{- else }}
- image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
- {{- end }}
- args:
- - proxy
- - sidecar
- - --domain
- - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
- - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}
- {{- if .Values.global.sts.servicePort }}
- - --stsPort={{ .Values.global.sts.servicePort }}
- {{- end }}
- {{- if .Values.global.logAsJson }}
- - --log_as_json
- {{- end }}
- env:
- - name: ISTIO_META_GENERATOR
- value: grpc
- - name: OUTPUT_CERTS
- value: /var/lib/istio/data
- {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }}
- - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION
- value: "true"
- {{- end }}
- - name: JWT_POLICY
- value: {{ .Values.global.jwtPolicy }}
- - name: PILOT_CERT_PROVIDER
- value: {{ .Values.global.pilotCertProvider }}
- - name: CA_ADDR
- {{- if .Values.global.caAddress }}
- value: {{ .Values.global.caAddress }}
- {{- else }}
- value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012
- {{- end }}
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: INSTANCE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SERVICE_ACCOUNT
- valueFrom:
- fieldRef:
- fieldPath: spec.serviceAccountName
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: PROXY_CONFIG
- value: |
- {{ protoToJSON .ProxyConfig }}
- - name: ISTIO_META_POD_PORTS
- value: |-
- [
- {{- $first := true }}
- {{- range $index1, $c := .Spec.Containers }}
- {{- range $index2, $p := $c.Ports }}
- {{- if (structToJSON $p) }}
- {{if not $first}},{{end}}{{ structToJSON $p }}
- {{- $first = false }}
- {{- end }}
- {{- end}}
- {{- end}}
- ]
- - name: ISTIO_META_APP_CONTAINERS
- value: "{{ $containers | join "," }}"
- - name: ISTIO_META_CLUSTER_ID
- value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}"
- - name: ISTIO_META_INTERCEPTION_MODE
- value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}"
- {{- if .Values.global.network }}
- - name: ISTIO_META_NETWORK
- value: "{{ .Values.global.network }}"
- {{- end }}
- {{- if .DeploymentMeta.Name }}
- - name: ISTIO_META_WORKLOAD_NAME
- value: "{{ .DeploymentMeta.Name }}"
- {{ end }}
- {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}
- - name: ISTIO_META_OWNER
- value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}
- {{- end}}
- {{- if .Values.global.meshID }}
- - name: ISTIO_META_MESH_ID
- value: "{{ .Values.global.meshID }}"
- {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
- - name: ISTIO_META_MESH_ID
- value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}"
- {{- end }}
- {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
- - name: TRUST_DOMAIN
- value: "{{ . }}"
- {{- end }}
- {{- range $key, $value := .ProxyConfig.ProxyMetadata }}
- - name: {{ $key }}
- value: "{{ $value }}"
- {{- end }}
- # grpc uses xds:/// to resolve – no need to resolve VIP
- - name: ISTIO_META_DNS_CAPTURE
- value: "false"
- - name: DISABLE_ENVOY
- value: "true"
- {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}}
- {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }}
- readinessProbe:
- httpGet:
- path: /healthz/ready
- port: {{ .Values.global.proxy.statusPort }}
- initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }}
- periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }}
- timeoutSeconds: 3
- failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }}
- {{ end -}}
- resources:
- {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }}
- {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }}
- requests:
- {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}}
- cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}"
- {{ end }}
- {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}
- memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}"
- {{ end }}
- {{- end }}
- {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }}
- limits:
- {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}}
- cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}"
- {{ end }}
- {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}}
- memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}"
- {{ end }}
- {{- end }}
- {{- else }}
- {{- if .Values.global.proxy.resources }}
- {{ toYaml .Values.global.proxy.resources | indent 6 }}
- {{- end }}
- {{- end }}
- volumeMounts:
- {{- if eq .Values.global.pilotCertProvider "istiod" }}
- - mountPath: /var/run/secrets/istio
- name: istiod-ca-cert
- {{- end }}
- - mountPath: /var/lib/istio/data
- name: istio-data
- # UDS channel between istioagent and gRPC client for XDS/SDS
- - mountPath: /etc/istio/proxy
- name: istio-xds
- {{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
- - mountPath: /var/run/secrets/tokens
- name: istio-token
- {{- end }}
- - name: istio-podinfo
- mountPath: /etc/istio/pod
- {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }}
- {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }}
- - name: "{{ $index }}"
- {{ toYaml $value | indent 6 }}
- {{ end }}
- {{- end }}
- volumes:
- # UDS channel between istioagent and gRPC client for XDS/SDS
- - emptyDir:
- medium: Memory
- name: istio-xds
- - name: istio-data
- emptyDir: {}
- - name: istio-podinfo
- downwardAPI:
- items:
- - path: "labels"
- fieldRef:
- fieldPath: metadata.labels
- - path: "annotations"
- fieldRef:
- fieldPath: metadata.annotations
-{{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
- - name: istio-token
- projected:
- sources:
- - serviceAccountToken:
- path: istio-token
- expirationSeconds: 43200
- audience: {{ .Values.global.sds.token.aud }}
-{{- end }}
- {{- if eq .Values.global.pilotCertProvider "istiod" }}
- - name: istiod-ca-cert
- configMap:
- name: istio-ca-root-cert
- {{- end }}
- {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }}
- {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }}
- - name: "{{ $index }}"
- {{ toYaml $value | indent 4 }}
- {{ end }}
- {{ end }}
diff --git a/charts/tetrate-istio/istiod-tid/files/grpc-simple.yaml b/charts/tetrate-istio/istiod-tid/files/grpc-simple.yaml
deleted file mode 100644
index 4346a41c6..000000000
--- a/charts/tetrate-istio/istiod-tid/files/grpc-simple.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-metadata:
- sidecar.istio.io/rewriteAppHTTPProbers: "false"
-spec:
- initContainers:
- - name: grpc-bootstrap-init
- image: busybox:1.28
- volumeMounts:
- - mountPath: /var/lib/grpc/data/
- name: grpc-io-proxyless-bootstrap
- env:
- - name: INSTANCE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: ISTIO_NAMESPACE
- value: |
- {{ .Values.global.istioNamespace }}
- command:
- - sh
- - "-c"
- - |-
- NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local"
- SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010"
- echo '
- {
- "xds_servers": [
- {
- "server_uri": "'${SERVER_URI}'",
- "channel_creds": [{"type": "insecure"}],
- "server_features" : ["xds_v3"]
- }
- ],
- "node": {
- "id": "'${NODE_ID}'",
- "metadata": {
- "GENERATOR": "grpc"
- }
- }
- }' > /var/lib/grpc/data/bootstrap.json
- containers:
- {{- range $index, $container := .Spec.Containers }}
- - name: {{ $container.Name }}
- env:
- - name: GRPC_XDS_BOOTSTRAP
- value: /var/lib/grpc/data/bootstrap.json
- - name: GRPC_GO_LOG_VERBOSITY_LEVEL
- value: "99"
- - name: GRPC_GO_LOG_SEVERITY_LEVEL
- value: info
- volumeMounts:
- - mountPath: /var/lib/grpc/data/
- name: grpc-io-proxyless-bootstrap
- {{- end }}
- volumes:
- - name: grpc-io-proxyless-bootstrap
- emptyDir: {}
diff --git a/charts/tetrate-istio/istiod-tid/files/injection-template.yaml b/charts/tetrate-istio/istiod-tid/files/injection-template.yaml
deleted file mode 100644
index f338913aa..000000000
--- a/charts/tetrate-istio/istiod-tid/files/injection-template.yaml
+++ /dev/null
@@ -1,491 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - {{- if eq (len $containers) 1 }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{ end }} -{{- if .Values.istio_cni.enabled }} - {{- if not .Values.istio_cni.chained }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}traffic.sidecar.istio.io/includeInboundPorts: "{{.}}",{{ end }} - 
traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts }} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.istio_cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - "15006" - - "-u" - - "1337" - - "-m" - - "{{ 
annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: 
"{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - 
{{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} - {{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - - name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/data/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{ end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if 
.Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if gt .EstimatedConcurrency 0 }} - - --concurrency - - "{{ .EstimatedConcurrency }}" - {{- end -}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- end }} - env: - {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - 
name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . 
}}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - fsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) 
`TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} - runAsGroup: 1337 - fsGroup: 1337 - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - {{- end }} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index 
.ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - volumeMounts: - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. 
- - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. 
- - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} - securityContext: - fsGroup: 1337 - {{- end }} diff --git a/charts/tetrate-istio/istiod-tid/kustomization.yaml b/charts/tetrate-istio/istiod-tid/kustomization.yaml deleted file mode 100644 index 7f9bbc394..000000000 --- a/charts/tetrate-istio/istiod-tid/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - files/gen-istio.yaml diff --git a/charts/tetrate-istio/istiod-tid/questions.yaml b/charts/tetrate-istio/istiod-tid/questions.yaml deleted file mode 100644 index 110735cfe..000000000 --- a/charts/tetrate-istio/istiod-tid/questions.yaml +++ /dev/null @@ -1,12 +0,0 @@ -questions: -- variable: global.tag - default: "1.12.6-tetrate-v0" - description: "Istiod-tag" - type: enum - label: Operator image tag - group: "Image version" - required: true - options: - - "1.12.6-tetrate-v0" - - "1.12.6-tetratefips-v0" - - "1.12.6-istio-v0" \ No newline at end of file 
diff --git a/charts/tetrate-istio/istiod-tid/templates/NOTES.txt b/charts/tetrate-istio/istiod-tid/templates/NOTES.txt
deleted file mode 100644
index f369b56da..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed!
-
-To learn more about the release, try:
- $ helm status {{ .Release.Name }}
- $ helm get all {{ .Release.Name }}
-
-Next steps:
- * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/
- * Try out our tasks to get started on common configurations:
- * https://istio.io/latest/docs/tasks/traffic-management
- * https://istio.io/latest/docs/tasks/security/
- * https://istio.io/latest/docs/tasks/policy-enforcement/
- * https://istio.io/latest/docs/tasks/policy-enforcement/
- * Review the list of actively supported releases, CVE publications and our hardening guide:
- * https://istio.io/latest/docs/releases/supported-releases/
- * https://istio.io/latest/news/security/
- * https://istio.io/latest/docs/ops/best-practices/security/
-
-For further documentation see https://istio.io website
-
-Tell us how your install/upgrade experience went at https://forms.gle/FegQbc9UvePd4Z9z7
diff --git a/charts/tetrate-istio/istiod-tid/templates/autoscale.yaml b/charts/tetrate-istio/istiod-tid/templates/autoscale.yaml
deleted file mode 100644
index b8b14ad0b..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/autoscale.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if and .Values.pilot.autoscaleEnabled .Values.pilot.autoscaleMin .Values.pilot.autoscaleMax }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
- istio.io/rev: {{ .Values.revision | default "default" }}
- install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
- operator.istio.io/component: "Pilot"
-spec:
- maxReplicas: {{ .Values.pilot.autoscaleMax }}
- minReplicas: {{ .Values.pilot.autoscaleMin }}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.pilot.cpu.targetAverageUtilization }}
----
-{{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/templates/clusterrole.yaml b/charts/tetrate-istio/istiod-tid/templates/clusterrole.yaml
deleted file mode 100644
index 67d29fd18..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/clusterrole.yaml
+++ /dev/null
@@ -1,134 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update"] - # TODO: should be on just */status but wildcard is not supported - resources: ["*"] -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: 
["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: - - "kubernetes.io/legacy-unknown" - verbs: ["approve"] - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] # TODO: should be on just */status but wildcard is not supported - verbs: ["update", "patch"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - 
apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.pilot.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/clusterrolebinding.yaml b/charts/tetrate-istio/istiod-tid/templates/clusterrolebinding.yaml deleted file mode 100644 index f6e425210..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Values.global.istioNamespace }}
----
-{{- if not (eq (toString .Values.pilot.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
-subjects:
-- kind: ServiceAccount
- name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Values.global.istioNamespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/tetrate-istio/istiod-tid/templates/configmap-jwks.yaml b/charts/tetrate-istio/istiod-tid/templates/configmap-jwks.yaml
deleted file mode 100644
index 7b719ac7e..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/configmap-jwks.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.pilot.jwksResolverExtraRootCA }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Release.Namespace }}
- labels:
- release: {{ .Release.Name }}
- istio.io/rev: {{ .Values.revision | default "default" }}
- install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
- operator.istio.io/component: "Pilot"
-data:
- extra.pem: {{ .Values.pilot.jwksResolverExtraRootCA | quote }}
-{{- end }}
diff --git a/charts/tetrate-istio/istiod-tid/templates/configmap.yaml b/charts/tetrate-istio/istiod-tid/templates/configmap.yaml
deleted file mode 100644
index 17b52f101..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/configmap.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: {{ .Values.global.meshID }} - {{- end }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ .Values.global.tracer.zipkin.address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ .Values.global.tracer.datadog.address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - {{- if $.Values.global.tracer.stackdriver.debug }} - debug: {{ $.Values.global.tracer.stackdriver.debug }} - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAttributes }} - # The global default max number of attributes per span. 
- maxNumberOfAttributes: {{ $.Values.global.tracer.stackdriver.maxNumberOfAttributes | default "200" }} - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfAnnotations }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ $.Values.global.tracer.stackdriver.maxNumberOfAnnotations | default "200" }} - {{- end }} - {{- if $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ $.Values.global.tracer.stackdriver.maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- else if eq .Values.global.proxy.tracer "openCensusAgent" }} - {{/* Fill in openCensusAgent configuration from meshConfig so it isn't overwritten below */}} -{{ toYaml $.Values.meshConfig.defaultConfig.tracing | indent 8 }} - {{- else }} - {} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - {{- if not .Values.global.externalIstiod }} - discoveryAddress: {{ printf "istiod-remote.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- end }} - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . 
| fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.pilot.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/deployment.yaml b/charts/tetrate-istio/istiod-tid/templates/deployment.yaml deleted file mode 100644 index 434d102b4..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/deployment.yaml +++ /dev/null 
@@ -1,219 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} -{{- range $key, $val := .Values.pilot.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.pilot.autoscaleEnabled }} -{{- if .Values.pilot.replicaCount }} - replicas: {{ .Values.pilot.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.pilot.rollingMaxSurge }} - maxUnavailable: {{ .Values.pilot.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.pilot.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - annotations: - {{- if .Values.meshConfig.enablePrometheusMerge }} - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - {{- end }} - sidecar.istio.io/inject: "false" - {{- if .Values.pilot.podAnnotations }} -{{ toYaml .Values.pilot.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.pilot.nodeSelector }} - nodeSelector: -{{ toYaml .Values.pilot.nodeSelector | indent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if 
.Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} - securityContext: - fsGroup: 1337 - containers: - - name: discovery -{{- if contains "/" .Values.pilot.image }} - image: "{{ .Values.pilot.image }}" -{{- else }} - image: "{{ .Values.pilot.hub | default .Values.global.hub }}/{{ .Values.pilot.image | default "pilot" }}:{{ .Values.pilot.tag | default .Values.global.tag }}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.global.oneNamespace }} - - "-a" - - {{ .Release.Namespace }} -{{- end }} -{{- if .Values.pilot.plugins }} - - --plugins={{ .Values.pilot.plugins }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.pilot.keepaliveMaxServerConnectionAge }}" - ports: - - containerPort: 8080 - protocol: TCP - - containerPort: 15010 - protocol: TCP - - containerPort: 15017 - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - {{- if .Values.pilot.env }} - {{- range $key, $val := 
.Values.pilot.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} -{{- if .Values.pilot.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.pilot.traceSampling }}" -{{- end }} - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "{{ .Values.pilot.enableProtocolSniffingForOutbound }}" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "{{ .Values.pilot.enableProtocolSniffingForInbound }}" - - name: ISTIOD_ADDR - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Release.Namespace }}.svc:15012 - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - resources: -{{- if .Values.pilot.resources }} -{{ toYaml .Values.pilot.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - readOnlyRootFilesystem: true - runAsUser: 1337 - runAsGroup: 1337 - runAsNonRoot: true - capabilities: - drop: - - ALL - volumeMounts: - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - {{- end }} - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.pilot.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. 
- - emptyDir: - medium: Memory - name: local-certs - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - {{- end }} - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - {{- if .Values.pilot.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} ---- diff --git a/charts/tetrate-istio/istiod-tid/templates/istiod-injector-configmap.yaml b/charts/tetrate-istio/istiod-tid/templates/istiod-injector-configmap.yaml deleted file mode 100644 index b6b1fa8e8..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/istiod-injector-configmap.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ pick .Values "global" "istio_cni" "sidecarInjectorWebhook" "revision" | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": "{{ $val }}" - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". 
- This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/mutatingwebhook.yaml b/charts/tetrate-istio/istiod-tid/templates/mutatingwebhook.yaml deleted file mode 100644 index dcb84dde3..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/mutatingwebhook.yaml +++ /dev/null 
@@ -1,144 +0,0 @@ -{{- /* Core defines the common configuration used by all webhook segments */}} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .Values.istiodRemote.injectionURL }} - url: "{{ .Values.istiodRemote.injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - path: "{{ .Values.istiodRemote.injectionPath }}" - port: 443 - {{- end }} - caBundle: "" - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy .) 
(dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy .) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy .) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy .) 
(dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy .) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/poddisruptionbudget.yaml b/charts/tetrate-istio/istiod-tid/templates/poddisruptionbudget.yaml deleted file mode 100644 index 40b2e6015..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} 
diff --git a/charts/tetrate-istio/istiod-tid/templates/reader-clusterrole.yaml b/charts/tetrate-istio/istiod-tid/templates/reader-clusterrole.yaml
deleted file mode 100644
index 69e4dd381..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/reader-clusterrole.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
-rules:
- - apiGroups:
- - "config.istio.io"
- - "security.istio.io"
- - "networking.istio.io"
- - "authentication.istio.io"
- - "rbac.istio.io"
- resources: ["*"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list" ]
- resources: [ "workloadentries" ]
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceexports"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceimports"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
- - apiGroups: ["authorization.k8s.io"]
- resources: ["subjectaccessreviews"]
- verbs: ["create"]
-{{- if .Values.global.externalIstiod }}
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update", "patch"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-{{- end}}
diff --git a/charts/tetrate-istio/istiod-tid/templates/reader-clusterrolebinding.yaml b/charts/tetrate-istio/istiod-tid/templates/reader-clusterrolebinding.yaml
deleted file mode 100644
index 4f9925c9d..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/reader-clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Values.global.istioNamespace }}
diff --git a/charts/tetrate-istio/istiod-tid/templates/revision-tags.yaml b/charts/tetrate-istio/istiod-tid/templates/revision-tags.yaml
deleted file mode 100644
index 2ec985f04..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/revision-tags.yaml
+++ /dev/null
@@ -1,130 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -{{- define "core" }} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .Values.istiodRemote.injectionURL }} - url: "{{ .Values.istiodRemote.injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - path: "{{ .Values.istiodRemote.injectionPath }}" - {{- end }} - caBundle: "" - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] -{{- end }} - -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" }} - install.operator.istio.io/owning-resource: {{ $.Values.ownerName | default "unknown" }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: 
DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/role.yaml b/charts/tetrate-istio/istiod-tid/templates/role.yaml deleted file mode 100644 index 25c4f5c3b..000000000 
--- a/charts/tetrate-istio/istiod-tid/templates/role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-rules:
-# permissions to verify the webhook is ready and rejecting
-# invalid config. We use --server-dry-run so no config is persisted.
-- apiGroups: ["networking.istio.io"]
- verbs: ["create"]
- resources: ["gateways"]
-
-# For storing CA secret
-- apiGroups: [""]
- resources: ["secrets"]
- # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
- verbs: ["create", "get", "watch", "list", "update", "delete"]
diff --git a/charts/tetrate-istio/istiod-tid/templates/rolebinding.yaml b/charts/tetrate-istio/istiod-tid/templates/rolebinding.yaml
deleted file mode 100644
index 0d700f008..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}
-subjects:
- - kind: ServiceAccount
- name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Values.global.istioNamespace }}
diff --git a/charts/tetrate-istio/istiod-tid/templates/service.yaml b/charts/tetrate-istio/istiod-tid/templates/service.yaml
deleted file mode 100644
index b5ddf5b6e..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Release.Namespace }}
- {{- if .Values.pilot.serviceAnnotations }}
- annotations:
-{{ toYaml .Values.pilot.serviceAnnotations | indent 4 }}
- {{- end }}
- labels:
- istio.io/rev: {{ .Values.revision | default "default" }}
- install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
- operator.istio.io/component: "Pilot"
- app: istiod
- istio: pilot
- release: {{ .Release.Name }}
-spec:
- ports:
- - port: 15010
- name: grpc-xds # plaintext
- protocol: TCP
- - port: 15012
- name: https-dns # mTLS with k8s-signed cert
- protocol: TCP
- - port: 443
- name: https-webhook # validation and injection
- targetPort: 15017
- protocol: TCP
- - port: 15014
- name: http-monitoring # prometheus stats
- protocol: TCP
- selector:
- app: istiod
- {{- if ne .Values.revision "" }}
- istio.io/rev: {{ .Values.revision }}
- {{- else }}
- # Label used by the 'default' service. For versioned deployments we match with app and version.
- # This avoids default deployment picking the canary
- istio: pilot
- {{- end }}
----
diff --git a/charts/tetrate-istio/istiod-tid/templates/serviceaccount.yaml b/charts/tetrate-istio/istiod-tid/templates/serviceaccount.yaml
deleted file mode 100644
index ee6cbc326..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
- {{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
- {{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-metadata:
- name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
----
diff --git a/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.10.yaml b/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.10.yaml
deleted file mode 100644
index 65f0eddf8..000000000
--- a/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.10.yaml
+++ /dev/null
@@ -1,601 +0,0 @@ -{{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} ---- -# Note: http stats filter is wasm enabled only in sidecars. -{{- if .Values.telemetry.v2.prometheus.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - 
subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: stats_inbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.gateway | 
indent 18 }} - {{- end }} - vm_config: - vm_id: stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} ---- -# Note: tcp stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_inbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: 
/etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson 
.Values.telemetry.v2.prometheus.configOverride.gateway | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} ---- -{{- end }} -{{- if .Values.telemetry.v2.stackdriver.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stackdriver-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: -{{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } -{{- end }} - 
- applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}", "disable_host_header_fallback": true} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_inbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}", "disable_host_header_fallback": true} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: 
- vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stackdriver-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - {{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: 
- root_id: stackdriver_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_inbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } ---- -{{- if .Values.telemetry.v2.accessLogPolicy.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stackdriver-sampling-accesslog-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default 
"default" }} -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '1\.10.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "istio.stackdriver" - patch: - operation: INSERT_BEFORE - value: - name: istio.access_log - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "log_window_duration": "{{ .Values.telemetry.v2.accessLogPolicy.logWindowDuration }}" - } - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: "envoy.wasm.access_log_policy" } ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.11.yaml b/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.11.yaml deleted file mode 100644 index fba3a5ec2..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.11.yaml +++ /dev/null 
@@ -1,601 +0,0 @@ -{{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} ---- -# Note: http stats filter is wasm enabled only in sidecars. -{{- if .Values.telemetry.v2.prometheus.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.11{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - 
subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: stats_inbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.gateway | 
indent 18 }} - {{- end }} - vm_config: - vm_id: stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} ---- -# Note: tcp stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.11{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_inbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: 
/etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson 
.Values.telemetry.v2.prometheus.configOverride.gateway | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} ---- -{{- end }} -{{- if .Values.telemetry.v2.stackdriver.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stackdriver-filter-1.11{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: -{{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } -{{- end }} - 
- applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}", "disable_host_header_fallback": true} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_inbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}", "disable_host_header_fallback": true} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: 
- vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stackdriver-filter-1.11{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - {{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: 
- root_id: stackdriver_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_inbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } ---- -{{- if .Values.telemetry.v2.accessLogPolicy.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stackdriver-sampling-accesslog-filter-1.11{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default 
"default" }} -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '1\.11.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "istio.stackdriver" - patch: - operation: INSERT_BEFORE - value: - name: istio.access_log - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "log_window_duration": "{{ .Values.telemetry.v2.accessLogPolicy.logWindowDuration }}" - } - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: "envoy.wasm.access_log_policy" } ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.12.yaml b/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.12.yaml deleted file mode 100644 index aeb987f23..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/telemetryv2_1.12.yaml +++ /dev/null 
@@ -1,601 +0,0 @@ -{{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} ---- -# Note: http stats filter is wasm enabled only in sidecars. -{{- if .Values.telemetry.v2.prometheus.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.12{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - 
subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: stats_inbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.gateway | 
indent 18 }} - {{- end }} - vm_config: - vm_id: stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - {{- end }} ---- -# Note: tcp stats filter is wasm enabled only in sidecars. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.12{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_inbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: 
/etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} - { - "debug": "false", - "stat_prefix": "istio" - } - {{- else }} - {{ toJson 
.Values.telemetry.v2.prometheus.configOverride.gateway | indent 18 }} - {{- end }} - vm_config: - vm_id: tcp_stats_outbound - {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} - runtime: envoy.wasm.runtime.v8 - allow_precompiled: true - code: - local: - filename: /etc/istio/extensions/stats-filter.compiled.wasm - {{- else }} - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - {{- end }} ---- -{{- end }} -{{- if .Values.telemetry.v2.stackdriver.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stackdriver-filter-1.12{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: -{{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } -{{- end }} - 
- applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}", "disable_host_header_fallback": true} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_inbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}", "disable_host_header_fallback": true} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: 
- vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stackdriver-filter-1.12{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" }} -spec: - configPatches: - {{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - {{- end }} - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: 
- root_id: stackdriver_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_inbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stackdriver - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stackdriver_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {{- if not .Values.telemetry.v2.stackdriver.configOverride }} - {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} - {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} - {{- end }} - vm_config: - vm_id: stackdriver_outbound - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: envoy.wasm.null.stackdriver } ---- -{{- if .Values.telemetry.v2.accessLogPolicy.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stackdriver-sampling-accesslog-filter-1.12{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- if .Values.meshConfig.rootNamespace }} - namespace: {{ .Values.meshConfig.rootNamespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default 
"default" }} -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '1\.12.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "istio.stackdriver" - patch: - operation: INSERT_BEFORE - value: - name: istio.access_log - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "log_window_duration": "{{ .Values.telemetry.v2.accessLogPolicy.logWindowDuration }}" - } - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: { inline_string: "envoy.wasm.access_log_policy" } ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/templates/validatingwebhookconfiguration.yaml b/charts/tetrate-istio/istiod-tid/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index 15102a174..000000000 --- a/charts/tetrate-istio/istiod-tid/templates/validatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - caBundle: "" # patched at runtime when the webhook is ready. - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None - admissionReviewVersions: ["v1beta1", "v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} diff --git a/charts/tetrate-istio/istiod-tid/values.yaml b/charts/tetrate-istio/istiod-tid/values.yaml deleted file mode 100644 index bdfe79c4f..000000000 --- a/charts/tetrate-istio/istiod-tid/values.yaml +++ /dev/null 
@@ -1,536 +0,0 @@ -#.Values.pilot for discovery and mesh wide config - -## Discovery Settings -pilot: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - env: {} - - cpu: - targetAverageUtilization: 80 - - # if protocol sniffing is enabled for outbound - enableProtocolSniffingForOutbound: true - # if protocol sniffing is enabled for inbound - enableProtocolSniffingForInbound: true - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # This is used to set the source of configuration for - # the associated address in configSource, if nothing is specificed - # the default MCP is assumed. - configSource: - subscribedResources: [] - - plugins: [] - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - -sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. 
- # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Enable objectSelector to filter out pods with no need for sidecar before calling istiod. - # It is enabled by default as the minimum supported Kubernetes version is 1.15+ - objectSelector: - enabled: true - autoInject: true - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. 
- # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] -istiodRemote: - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" -telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - metadataExchange: - # Indicates whether to enable WebAssembly runtime for metadata exchange filter. - wasmEnabled: false - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # Indicates whether to enable WebAssembly runtime for stats filter. - wasmEnabled: false - # overrides stats EnvoyFilter configuration. - configOverride: - gateway: {} - inboundSidecar: {} - outboundSidecar: {} - # stackdriver filter settings. - stackdriver: - enabled: false - logging: false - monitoring: false - topology: false # deprecated. setting this to true will have no effect, as this option is no longer supported. 
- disableOutbound: false - # configOverride parts give you the ability to override the low level configuration params passed to envoy filter. - - configOverride: {} - # e.g. - # disable_server_access_logging: false - # disable_host_header_fallback: true - # Access Log Policy Filter Settings. This enables filtering of access logs from stackdriver. - accessLogPolicy: - enabled: false - # To reduce the number of successful logs, default log window duration is - # set to 12 hours. - logWindowDuration: "43200s" -# Revision is set as 'version' label and part of the resource names when installing multiple control planes. -revision: "" - -# Revision tags are aliases to Istio control plane revisions -revisionTags: [] - -# For Helm compatibility. -ownerName: "" - -# meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior -# See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options -meshConfig: - enablePrometheusMerge: true - # Config for the default ProxyConfig. - # Initially using directly the proxy metadata - can also be activated using annotations - # on the pod. This is an unsupported low-level API, pending review and decisions on - # enabling the feature. Enabling the DNS listener is safe - and allows further testing - # and gradual adoption by setting capture only on specific workloads. It also allows - # VMs to use other DNS options, like dnsmasq or unbound. - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. 
- - rootNamespace: - - # The trust domain corresponds to the trust root of a system - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # TODO: the intent is to eventually have this enabled by default when security is used. - # It is not clear if user should normally need to configure - the metadata is typically - # used as an escape and to control testing and rollout, but it is not intended as a long-term - # stable API. - - # What we may configure in mesh config is the ".global" - and use of other suffixes. - # No hurry to do this in 1.6, we're trying to prove the code. - -global: - # Used to locate istiod. - istioNamespace: istio-system - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: containers.istio.tetratelabs.com - # Default tag for Istio images. - tag: 1.12.6-tetrate-v0 - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. 
- # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Whether to restrict the applications namespace the controller manages; - # If not set, controller watches all namespaces - oneNamespace: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. 
- #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # If set, newly injected sidecars will have core dumps enabled. - enableCoreDump: false - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. 
- # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 30 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 1 - - # The period between readiness probes. - readinessPeriodSeconds: 2 - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "zipkin" - - # Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready - holdApplicationUntilProxyStarts: false - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 10Mi - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. 
- caAddress: "" - - # Configure a remote cluster data plane controlled by an external istiod. - # When set to true, istiod is not deployed locally and only a subset of the other - # discovery charts are enabled. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # Configure the policy for validating JWT. - # Currently, two options are supported: "third-party-jwt" and "first-party-jwt". - jwtPolicy: "third-party-jwt" - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. 
The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. 
- # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # Configuration for each of the supported tracers - tracer: - # Configuration for envoy to send trace data to LightStep. - # Disabled by default. - # address: the : of the satellite pool - # accessToken: required for sending data to the pool - # - datadog: - # Host:Port for submitting traces to the Datadog agent. - address: "$(HOST_IP):8126" - lightstep: - address: "" # example: lightstep-satellite:443 - accessToken: "" # example: abcdefg1234567 - stackdriver: - # enables trace output to stdout. - debug: false - # The global default max number of message events per span. - maxNumberOfMessageEvents: 200 - # The global default max number of annotation events per span. - maxNumberOfAnnotations: 200 - # The global default max number of attributes per span. - maxNumberOfAttributes: 200 - zipkin: - # Host:Port for reporting trace data in zipkin format. If not specified, will default to - # zipkin service (port 9411) in the same namespace as the other istio components. - address: "" - - # Use the Mesh Control Protocol (MCP) for configuring Istiod. Requires an MCP source. - useMCP: false - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - -base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true 
diff --git a/charts/universal-crossplane/universal-crossplane/Chart.yaml b/charts/universal-crossplane/universal-crossplane/Chart.yaml
deleted file mode 100644
index 938496349..000000000
--- a/charts/universal-crossplane/universal-crossplane/Chart.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: Upbound Universal Crossplane
- catalog.cattle.io/release-name: universal-crossplane
-apiVersion: v1
-appVersion: 1.6.1001
-description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade
- distribution of Crossplane.
-home: https://upbound.io
-icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png
-keywords:
-- cloud
-- infrastructure
-- services
-- application
-- database
-- cache
-- bucket
-- infra
-- app
-- ops
-- oam
-- gcp
-- azure
-- aws
-- alibaba
-- cloudsql
-- rds
-- s3
-- azuredatabase
-- asparadb
-- gke
-- aks
-- eks
-kubeVersion: '>= 1.15'
-maintainers:
-- email: info@upbound.io
- name: Upbound Inc.
-name: universal-crossplane
-version: 1.6.100101
diff --git a/charts/universal-crossplane/universal-crossplane/app-readme.md b/charts/universal-crossplane/universal-crossplane/app-readme.md
deleted file mode 100644
index c6d8ecfe0..000000000
--- a/charts/universal-crossplane/universal-crossplane/app-readme.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Upbound Universal Crossplane (UXP)
-
-Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes.
-
-## Connecting to Upbound Cloud
-
-You can optionally connect your Universal Crossplane instance to Upbound Cloud.
-Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console.
-
-1. Install Upbound CLI
-
- You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli).
-
- ```
- curl -sL https://cli.upbound.io | sh
- ```
-
-2. Log in to Upbound Cloud
-
- ```
- up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT
- ```
-
- Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens):
-
- ```
- up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN
- ```
-
-3. Create a Self-Hosted Control Plane
-
- ```
- up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher
- ```
-
-4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/questions.yaml b/charts/universal-crossplane/universal-crossplane/questions.yaml
deleted file mode 100644
index c5cb628bf..000000000
--- a/charts/universal-crossplane/universal-crossplane/questions.yaml
+++ /dev/null
@@ -1,184 +0,0 @@ -questions: -# Upbound Cloud configuration -- variable: upbound.controlPlane.token - label: upbound.controlPlane.token - required: false - type: password - description: Token used to connect Upbound Cloud - group: "Upbound Cloud" -- variable: upbound.controlPlane.permission - label: upbound.controlPlane.permission - required: false - type: enum - default: "edit" - options: - - "edit" - - "view" - description: Cluster permissions for Upbound Cloud - group: "Upbound Cloud" -# Basic Crossplane configuration -- variable: replicas - label: replicas - description: Number of replicas to run for Crossplane pods - type: int - default: 1 - required: true - group: "Crossplane" -# Advanced Crossplane configuration -- variable: advancedCrossplaneConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Crossplane" - subquestions: - - variable: leaderElection - label: leaderElection - description: "Enable leader election for Crossplane Managers pod" - type: boolean - default: true - required: false - group: "Crossplane" - - variable: deploymentStrategy - label: deploymentStrategy - description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods" - type: enum - default: "RollingUpdate" - options: - - "RollingUpdate" - - "Recreate" - required: true - group: "Crossplane" - - variable: priorityClassName - label: priorityClassName - description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods" - type: string - required: false - group: "Crossplane" - - variable: metrics.enabled - label: metrics.enabled - description: "Expose Crossplane and RBAC Manager metrics endpoint" - type: boolean - required: false - group: "Crossplane" -# Basic Crossplane RBAC Manager configuration -- variable: rbacManager.deploy - label: rbacManager.deploy - description: "Deploy RBAC Manager" - type: boolean - default: true - 
required: true - group: "Crossplane RBAC Manager" -- variable: rbacManager.replicas - label: rbacManager.replicas - description: "The number of replicas to run for the RBAC Manager pods" - type: int - default: 1 - required: true - group: "Crossplane RBAC Manager" -# Advanced Crossplane RBAC Manager configuration -- variable: advancedRBACManagerConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Crossplane RBAC Manager" - subquestions: - - variable: rbacManager.leaderElection - label: rbacManager.leaderElection - description: "Enable leader election for RBAC Managers pod" - type: boolean - default: true - group: "Crossplane RBAC Manager" - - variable: rbacManager.managementPolicy - label: rbacManager.managementPolicy - description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles. - type: enum - default: "Basic" - options: - - "Basic" - - "All" - required: true - group: "Crossplane RBAC Manager" - - variable: rbacManager.skipAggregatedClusterRoles - label: rbacManager.skipAggregatedClusterRoles - description: "Opt out of deploying aggregated ClusterRoles" - type: boolean - default: true - group: "Crossplane RBAC Manager" -# Basic Package configuration -- variable: provider.packages - label: provider.packages - description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. - type: string - required: false - group: "Packages" -- variable: configuration.packages - label: configuration.packages - description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. 
- type: string - required: false - group: "Packages" -# Advanced Package configuration -- variable: advancedPackageConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Packages" - subquestions: - - variable: packageCache.sizeLimit - label: packageCache.sizeLimit - description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod" - type: string - default: "5Mi" - group: "Packages" - - variable: packageCache.medium - label: packageCache.medium - description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development" - type: string - group: "Packages" - - variable: packageCache.pvc - label: packageCache.pvc - description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted" - type: string - group: "Packages" -# Basic XGQL configuration -- variable: xgql.config.debugMode - label: xgql.config.debugMode - description: "Enable debug mode for XGQL" - type: boolean - default: false - group: "XGQL" -# Advanced Crossplane configuration -- variable: advancedXGQLConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "XGQL" - subquestions: - - variable: xgql.metrics.enabled - label: xgql.metrics.enabled - description: "Expose XGQL metrics endpoint" - type: boolean - required: false - group: "XGQL" -# Basic Agent configuration -- variable: agent.config.debugMode - label: agent.config.debugMode - description: "Enable debug mode for Upbound Agent" - type: boolean - default: false - group: "Upbound Agent" -# Basic Bootstrapper configuration -- variable: bootstrapper.config.debugMode - 
label: bootstrapper.config.debugMode - description: "Enable debug mode for Bootstrapper" - type: boolean - default: false - group: "Bootstrapper" \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/templates/NOTES.txt b/charts/universal-crossplane/universal-crossplane/templates/NOTES.txt deleted file mode 100644 index 33260c04f..000000000 --- a/charts/universal-crossplane/universal-crossplane/templates/NOTES.txt +++ /dev/null @@ -1,15 +0,0 @@ -By proceeding, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html - -✨ Thank you for installing Universal Crossplane! -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -🚀 You can now connect your cluster to Upbound Cloud! - -Example command: -{{ if eq .Values.upbound.controlPlane.permission "edit" }} -$ up cloud controlplane attach | \ -up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - -{{- else if eq .Values.upbound.controlPlane.permission "view" }} -$ up cloud controlplane attach --view-only | \ -up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/templates/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/templates/_helpers.tpl deleted file mode 100644 index ee3512b01..000000000 --- a/charts/universal-crossplane/universal-crossplane/templates/_helpers.tpl +++ /dev/null 
@@ -1,21 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Common labels
-*/}}
-{{- define "labels" -}}
-helm.sh/chart: {{ include "crossplane.chart" . }}
-{{ include "selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "selectorLabels" -}}
-app.kubernetes.io/name: {{ include "crossplane.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/_helpers.tpl
deleted file mode 100644
index bdca1ae09..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/_helpers.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "bootstrapper-name" -}}
-{{- "upbound-bootstrapper" -}}
-{{- end -}}
-
-{{/*
-Labels - bootstrapper
-*/}}
-{{- define "labelsBootstrapper" -}}
-{{ include "labels" . }}
-app.kubernetes.io/component: bootstrapper
-{{- end }}
-
-{{/*
-Selector labels - bootstrapper
-*/}}
-{{- define "selectorLabelsBootstrapper" -}}
-{{ include "selectorLabels" . }}
-app.kubernetes.io/component: bootstrapper
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrole.yaml
deleted file mode 100644
index 162abdd7a..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrole.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "bootstrapper-name" . }}
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-rules:
- # Bootstrapper needs to identify the cluster uniquely and it does that by using
- # UID of kube-system namespace.
- - apiGroups:
- - ""
- resources:
- - namespaces
- resourceNames:
- - "kube-system"
- verbs:
- - "get"
- # Controller-runtime requires watch and list permissions to build its resource
- # cache of the kind that any client query is made for.
- - apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - "list"
- - "watch"
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrolebinding.yaml
deleted file mode 100644
index 33fd634cd..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/clusterrolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "bootstrapper-name" . }}
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "bootstrapper-name" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "bootstrapper-name" . }}
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/deployment.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/deployment.yaml
deleted file mode 100644
index 0030f4139..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/deployment.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "bootstrapper-name" . }}
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "selectorLabelsBootstrapper" . | nindent 6 }}
- template:
- metadata:
- labels:
- {{- include "selectorLabelsBootstrapper" . | nindent 8 }}
- spec:
- serviceAccountName: {{ template "bootstrapper-name" . }}
- {{- if .Values.billing.awsMarketplace.enabled }}
- securityContext:
- # Providing this is not required for 1.19 or later clusters.
- # See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
- fsGroup: 1337
- {{- end }}
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- range $index, $secret := .Values.imagePullSecrets }}
- - name: {{ $secret }}
- {{- end }}
- {{ end }}
- containers:
- - name: bootstrapper
- image: "{{ .Values.bootstrapper.image.repository }}:{{ .Values.bootstrapper.image.tag }}"
- args:
- - start
- - --namespace
- - {{ .Release.Namespace }}
- - --upbound-api-url
- - {{ .Values.upbound.apiURL }}
- - --upbound-token-secret
- - {{ .Values.upbound.controlPlane.tokenSecretName }}
- - --agent-manifest
- - {{ include "agent-spec" . | b64enc }}
- - --controller
- - upbound-agent
- - --controller
- - tls-secrets
- {{- if .Values.billing.awsMarketplace.enabled }}
- - --controller
- - aws-marketplace
- {{- end }}
- {{- if .Values.bootstrapper.config.debugMode }}
- - "--debug"
- {{- end }}
- {{- range $arg := .Values.bootstrapper.config.args }}
- - {{ $arg }}
- {{- end }}
- env:
- {{- range $key, $value := .Values.bootstrapper.config.envVars }}
- - name: {{ $key | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end}}
- imagePullPolicy: {{ .Values.bootstrapper.image.pullPolicy }}
- resources:
- {{- toYaml .Values.bootstrapper.resources | nindent 12 }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/role.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/role.yaml
deleted file mode 100644
index cb19df19f..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/role.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "bootstrapper-name" . }}
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create", "update", "patch", "delete"]
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["watch", "list"]
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "update", "patch"]
- resourceNames:
- - uxp-ca
- - upbound-agent-public-certs
- - upbound-agent-tls
- - xgql-tls
- - {{ .Values.upbound.controlPlane.tokenSecretName }}
- {{- if .Values.billing.awsMarketplace.enabled }}
- - upbound-entitlement
- {{- end}}
- - apiGroups: ["apps"]
- resources: ["deployments"]
- verbs: ["create", "update", "watch", "list"]
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/rolebinding.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/rolebinding.yaml
deleted file mode 100644
index aa41bb33a..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/rolebinding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "bootstrapper-name" . }}
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "bootstrapper-name" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "bootstrapper-name" . }}
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/secret-entitlement.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/secret-entitlement.yaml
deleted file mode 100644
index 7e311b629..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/secret-entitlement.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.billing.awsMarketplace.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: upbound-entitlement
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-type: Opaque
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/serviceaccount.yaml
deleted file mode 100644
index 1768272a3..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/serviceaccount.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "bootstrapper-name" . }}
- {{- if and .Values.billing.awsMarketplace.enabled .Values.billing.awsMarketplace.iamRoleARN }}
- annotations:
- eks.amazonaws.com/role-arn: {{ .Values.billing.awsMarketplace.iamRoleARN | quote }}
- {{- end }}
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/uxp-ca-tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/uxp-ca-tls-secret.yaml
deleted file mode 100644
index 07163971e..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/uxp-ca-tls-secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: uxp-ca
- labels:
- {{- include "labels" . | nindent 4 }}
-type: Opaque
diff --git a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/versions-configmap.yaml b/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/versions-configmap.yaml
deleted file mode 100644
index 008b62988..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/bootstrapper/versions-configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: universal-crossplane-config
- labels:
- {{- include "labelsBootstrapper" . | nindent 4 }}
-data:
- crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }}
- xgqlVersion: {{ (trimPrefix "v" .Values.xgql.image.tag) }}
- agentVersion: {{ (trimPrefix "v" .Values.agent.image.tag) }}
- uxpVersion: {{ .Chart.Version }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/NOTES.txt b/charts/universal-crossplane/universal-crossplane/templates/crossplane/NOTES.txt
deleted file mode 100644
index f1c8a0c63..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/NOTES.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Release: {{.Release.Name}}
-
-Chart Name: {{.Chart.Name}}
-Chart Description: {{.Chart.Description}}
-Chart Version: {{.Chart.Version}}
-Chart Application Version: {{.Chart.AppVersion}}
-
-Kube Version: {{.Capabilities.KubeVersion}}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/templates/crossplane/_helpers.tpl
deleted file mode 100644
index d9392f400..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "crossplane.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "crossplane.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Generate basic labels
-*/}}
-{{- define "crossplane.labels" }}
-helm.sh/chart: {{ include "crossplane.chart" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/component: cloud-infrastructure-controller
-app.kubernetes.io/part-of: {{ template "crossplane.name" . }}
-app.kubernetes.io/name: {{ include "crossplane.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels }}
-{{- end }}
-{{- end }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrole.yaml
deleted file mode 100644
index 1e9754ffe..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrole.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- rbac.crossplane.io/aggregate-to-crossplane: "true"
-rules: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:system:aggregate-to-crossplane
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
- crossplane.io/scope: "system"
- rbac.crossplane.io/aggregate-to-crossplane: "true"
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - "*"
-- apiGroups:
- - apiextensions.crossplane.io
- - pkg.crossplane.io
- resources:
- - "*"
- verbs:
- - "*"
-- apiGroups:
- - extensions
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
- - create
- - update
- - patch
- - delete
- - watch
-- apiGroups:
- - ""
- - coordination.k8s.io
- resources:
- - configmaps
- - leases
- verbs:
- - get
- - list
- - create
- - update
- - patch
- - watch
- - delete
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrolebinding.yaml
deleted file mode 100644
index 695603a49..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "crossplane.name" . }}
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "crossplane.name" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "crossplane.name" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/deployment.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/deployment.yaml
deleted file mode 100644
index 163c9e4b5..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/deployment.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "crossplane.name" . }}
- labels:
- app: {{ template "crossplane.name" . }}
- release: {{ .Release.Name }}
- {{- include "crossplane.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicas }}
- selector:
- matchLabels:
- app: {{ template "crossplane.name" . }}
- release: {{ .Release.Name }}
- strategy:
- type: {{ .Values.deploymentStrategy }}
- template:
- metadata:
- {{- if .Values.metrics.enabled }}
- annotations:
- prometheus.io/path: /metrics
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- {{- end }}
- labels:
- app: {{ template "crossplane.name" . }}
- release: {{ .Release.Name }}
- {{- include "crossplane.labels" . | indent 8 }}
- spec:
- securityContext:
- {{- toYaml .Values.podSecurityContextCrossplane | nindent 8 }}
- {{- if .Values.priorityClassName }}
- priorityClassName: {{ .Values.priorityClassName | quote }}
- {{- end }}
- serviceAccountName: {{ template "crossplane.name" . }}
- initContainers:
- - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- args:
- - core
- - init
- {{- range $arg := .Values.provider.packages }}
- - --provider
- - "{{ $arg }}"
- {{- end }}
- {{- range $arg := .Values.configuration.packages }}
- - --configuration
- - "{{ $arg }}"
- {{- end }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- name: {{ .Chart.Name }}-init
- resources:
- {{- toYaml .Values.resourcesCrossplane | nindent 12 }}
- securityContext:
- {{- toYaml .Values.securityContextCrossplane | nindent 12 }}
- containers:
- - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- args:
- - core
- - start
- {{- range $arg := .Values.args }}
- - {{ $arg }}
- {{- end }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- name: {{ .Chart.Name }}
- resources:
- {{- toYaml .Values.resourcesCrossplane | nindent 12 }}
- {{- if .Values.metrics.enabled }}
- ports:
- - name: metrics
- containerPort: 8080
- {{- end }}
- securityContext:
- {{- toYaml .Values.securityContextCrossplane | nindent 12 }}
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: LEADER_ELECTION
- value: "{{ .Values.leaderElection }}"
- {{- if .Values.registryCaBundleConfig.key }}
- - name: CA_BUNDLE_PATH
- value: "/certs/{{ .Values.registryCaBundleConfig.key }}"
- {{- end}}
- {{- range $key, $value := .Values.extraEnvVarsCrossplane }}
- - name: {{ $key | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end}}
- volumeMounts:
- - mountPath: /cache
- name: package-cache
- {{- if .Values.registryCaBundleConfig.name }}
- - mountPath: /certs
- name: ca-certs
- {{- end }}
- volumes:
- - name: package-cache
- {{- if .Values.packageCache.pvc }}
- persistentVolumeClaim:
- claimName: {{ .Values.packageCache.pvc }}
- {{- else }}
- emptyDir:
- medium: {{ .Values.packageCache.medium }}
- sizeLimit: {{ .Values.packageCache.sizeLimit }}
- {{- end }}
- {{- if .Values.registryCaBundleConfig.name }}
- - name: ca-certs
- configMap:
- name: {{ .Values.registryCaBundleConfig.name }}
- items:
- - key: {{ .Values.registryCaBundleConfig.key }}
- path: {{ .Values.registryCaBundleConfig.key }}
- {{- end }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end }}
- {{- if .Values.tolerations }}
- tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
- {{- end }}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml
deleted file mode 100644
index 9a373ffff..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.rbacManager.deploy }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:allowed-provider-permissions
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true"
-{{- end}}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrole.yaml
deleted file mode 100644
index 92ec148b4..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrole.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-{{- if .Values.rbacManager.deploy }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}-rbac-manager
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - namespaces
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apiextensions.crossplane.io
- resources:
- - compositeresourcedefinitions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - pkg.crossplane.io
- resources:
- - providerrevisions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterroles
- - roles
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- # The RBAC manager may grant access it does not have.
- - escalate
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterroles
- verbs:
- - bind
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterrolebindings
- verbs:
- - "*"
-- apiGroups:
- - ""
- - coordination.k8s.io
- resources:
- - configmaps
- - leases
- verbs:
- - get
- - list
- - create
- - update
- - patch
- - watch
- - delete
-{{- end}}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrolebinding.yaml
deleted file mode 100644
index 56e0300ba..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.rbacManager.deploy }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "crossplane.name" . }}-rbac-manager
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "crossplane.name" . }}-rbac-manager
-subjects:
-- kind: ServiceAccount
- name: rbac-manager
- namespace: {{ .Release.Namespace }}
-{{- end}}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-deployment.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-deployment.yaml
deleted file mode 100644
index 78467d29a..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-deployment.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-{{- if .Values.rbacManager.deploy }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "crossplane.name" . }}-rbac-manager
- labels:
- app: {{ template "crossplane.name" . }}-rbac-manager
- release: {{ .Release.Name }}
- {{- include "crossplane.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.rbacManager.replicas }}
- selector:
- matchLabels:
- app: {{ template "crossplane.name" . }}-rbac-manager
- release: {{ .Release.Name }}
- strategy:
- type: {{ .Values.deploymentStrategy }}
- template:
- metadata:
- {{- if .Values.metrics.enabled }}
- annotations:
- prometheus.io/path: /metrics
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- {{- end }}
- labels:
- app: {{ template "crossplane.name" . }}-rbac-manager
- release: {{ .Release.Name }}
- {{- include "crossplane.labels" . | indent 8 }}
- spec:
- securityContext:
- {{- toYaml .Values.podSecurityContextRBACManager | nindent 8 }}
- {{- if .Values.priorityClassName }}
- priorityClassName: {{ .Values.priorityClassName | quote }}
- {{- end }}
- serviceAccountName: rbac-manager
- initContainers:
- - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- args:
- - rbac
- - init
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- name: {{ .Chart.Name }}-init
- resources:
- {{- toYaml .Values.resourcesRBACManager | nindent 12 }}
- securityContext:
- {{- toYaml .Values.securityContextRBACManager | nindent 12 }}
- containers:
- - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- args:
- - rbac
- - start
- {{- if .Values.rbacManager.managementPolicy }}
- - --manage={{ .Values.rbacManager.managementPolicy }}
- {{- end }}
- {{- range $arg := .Values.rbacManager.args }}
- - {{ $arg }}
- {{- end }}
- - --provider-clusterrole={{ template "crossplane.name" . }}:allowed-provider-permissions
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- name: {{ .Chart.Name }}
- resources:
- {{- toYaml .Values.resourcesRBACManager | nindent 12 }}
- {{- if .Values.metrics.enabled }}
- ports:
- - name: metrics
- containerPort: 8080
- {{- end }}
- securityContext:
- {{- toYaml .Values.securityContextRBACManager | nindent 12 }}
- env:
- - name: LEADER_ELECTION
- value: "{{ .Values.rbacManager.leaderElection }}"
- {{- range $key, $value := .Values.extraEnvVarsRBACManager }}
- - name: {{ $key | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end}}
- {{- if .Values.rbacManager.nodeSelector }}
- nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }}
- {{- end }}
- {{- if .Values.rbacManager.tolerations }}
- tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 8 }}
- {{- end }}
- {{- if .Values.rbacManager.affinity }}
- affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }}
- {{- end }}
-{{- end}}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-managed-clusterroles.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-managed-clusterroles.yaml
deleted file mode 100644
index 3894f95fa..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-managed-clusterroles.yaml
+++ /dev/null
@@ -1,260 +0,0 @@
-{{- if .Values.rbacManager.deploy }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "crossplane.name" . }}-admin
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "crossplane.name" . }}-admin
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: {{ template "crossplane.name" . }}:masters
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}-admin
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- rbac.crossplane.io/aggregate-to-admin: "true"
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}-edit
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- rbac.crossplane.io/aggregate-to-edit: "true"
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}-view
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- rbac.crossplane.io/aggregate-to-view: "true"
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}-browse
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- rbac.crossplane.io/aggregate-to-browse: "true"
-{{- if not .Values.rbacManager.skipAggregatedClusterRoles }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-admin
- labels:
- rbac.crossplane.io/aggregate-to-admin: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane administrators have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-# Crossplane administrators must create provider credential secrets, and may
-# need to read or otherwise interact with connection secrets. They may also need
-# to create or annotate namespaces.
-- apiGroups: [""]
- resources: [secrets, namespaces]
- verbs: ["*"]
-# Crossplane administrators have access to view the roles that they may be able
-# to grant to other subjects.
-- apiGroups: [rbac.authorization.k8s.io]
- resources: [clusterroles, roles]
- verbs: [get, list, watch]
-# Crossplane administrators have access to grant the access they have to other
-# subjects.
-- apiGroups: [rbac.authorization.k8s.io]
- resources: [clusterrolebindings, rolebindings]
- verbs: ["*"]
-# Crossplane administrators have full access to built in Crossplane types.
-- apiGroups:
- - apiextensions.crossplane.io
- resources: ["*"]
- verbs: ["*"]
-- apiGroups:
- - pkg.crossplane.io
- resources: [providers, configurations, providerrevisions, configurationrevisions]
- verbs: ["*"]
-# Crossplane administrators have access to view CRDs in order to debug XRDs.
-- apiGroups: [apiextensions.k8s.io]
- resources: [customresourcedefinitions]
- verbs: [get, list, watch]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-edit
- labels:
- rbac.crossplane.io/aggregate-to-edit: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane editors have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-# Crossplane editors must create provider credential secrets, and may need to
-# read or otherwise interact with connection secrets.
-- apiGroups: [""]
- resources: [secrets]
- verbs: ["*"]
-# Crossplane editors may see which namespaces exist, but not edit them.
-- apiGroups: [""]
- resources: [namespaces]
- verbs: [get, list, watch]
-# Crossplane editors have full access to built in Crossplane types.
-- apiGroups:
- - apiextensions.crossplane.io
- resources: ["*"]
- verbs: ["*"]
-- apiGroups:
- - pkg.crossplane.io
- resources: [providers, configurations, providerrevisions, configurationrevisions]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-view
- labels:
- rbac.crossplane.io/aggregate-to-view: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane viewers have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-# Crossplane viewers may see which namespaces exist.
-- apiGroups: [""]
- resources: [namespaces]
- verbs: [get, list, watch]
-# Crossplane viewers have read-only access to built in Crossplane types.
-- apiGroups:
- - apiextensions.crossplane.io
- resources: ["*"]
- verbs: [get, list, watch]
-- apiGroups:
- - pkg.crossplane.io
- resources: [providers, configurations, providerrevisions, configurationrevisions]
- verbs: [get, list, watch]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-browse
- labels:
- rbac.crossplane.io/aggregate-to-browse: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane browsers have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-# Crossplane browsers have read-only access to compositions and XRDs. This
-# allows them to discover and select an appropriate composition when creating a
-# resource claim.
-- apiGroups:
- - apiextensions.crossplane.io
- resources: ["*"]
- verbs: [get, list, watch]
-{{- if .Values.rbacManager.managementPolicy }}
----
-# The below ClusterRoles are aggregated to the namespaced RBAC roles created by
-# the Crossplane RBAC manager when it is running in --manage=All mode.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-ns-admin
- labels:
- rbac.crossplane.io/aggregate-to-ns-admin: "true"
- rbac.crossplane.io/base-of-ns-admin: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane namespace admins have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-# Crossplane namespace admins may need to read or otherwise interact with
-# resource claim connection secrets.
-- apiGroups: [""]
- resources: [secrets]
- verbs: ["*"]
-# Crossplane namespace admins have access to view the roles that they may be
-# able to grant to other subjects.
-- apiGroups: [rbac.authorization.k8s.io]
- resources: [roles]
- verbs: [get, list, watch]
-# Crossplane namespace admins have access to grant the access they have to other
-# subjects.
-- apiGroups: [rbac.authorization.k8s.io]
- resources: [rolebindings]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-ns-edit
- labels:
- rbac.crossplane.io/aggregate-to-ns-edit: "true"
- rbac.crossplane.io/base-of-ns-edit: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane namespace editors have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-# Crossplane namespace editors may need to read or otherwise interact with
-# resource claim connection secrets.
-- apiGroups: [""]
- resources: [secrets]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-ns-view
- labels:
- rbac.crossplane.io/aggregate-to-ns-view: "true"
- rbac.crossplane.io/base-of-ns-view: "true"
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-rules:
-# Crossplane namespace viewers have access to view events.
-- apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-serviceaccount.yaml
deleted file mode 100644
index 7550aff86..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/rbac-manager-serviceaccount.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if .Values.rbacManager.deploy }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: rbac-manager
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
-{{- if .Values.imagePullSecrets }}
-imagePullSecrets:
-{{- range $index, $secret := .Values.imagePullSecrets }}
-- name: {{ $secret }}
-{{- end }}
-{{- end }}
-{{- end}}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/crossplane/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/templates/crossplane/serviceaccount.yaml
deleted file mode 100644
index a18241d4d..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/crossplane/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "crossplane.name" . }}
- labels:
- app: {{ template "crossplane.name" . }}
- {{- include "crossplane.labels" . | indent 4 }}
- {{- with .Values.serviceAccount.customAnnotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-{{- if .Values.imagePullSecrets }}
-imagePullSecrets:
-{{- range $index, $secret := .Values.imagePullSecrets }}
-- name: {{ $secret }}
-{{- end }}
-{{ end }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_deployment-spec.tpl b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_deployment-spec.tpl
deleted file mode 100644
index 281f34e72..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_deployment-spec.tpl
+++ /dev/null
@@ -1,87 +0,0 @@
-{{- define "agent-spec" -}}
-replicas: 1
-selector:
- matchLabels:
- {{- include "selectorLabelsAgent" . | nindent 8 }}
-template:
- metadata:
- labels:
- {{- include "selectorLabelsAgent" . | nindent 10 }}
- spec:
- serviceAccountName: {{ template "agent-name" . }}
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- range $index, $secret := .Values.imagePullSecrets }}
- - name: {{ $secret }}
- {{- end }}
- {{ end }}
- containers:
- - name: agent
- image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}"
- args:
- - agent
- - --tls-cert-file
- - /etc/certs/upbound-agent/tls.crt
- - --tls-key-file
- - /etc/certs/upbound-agent/tls.key
- - --xgql-ca-bundle-file
- - /etc/certs/upbound-agent/ca.crt
- - --nats-endpoint
- - nats://{{ .Values.upbound.connectHost }}:{{ .Values.upbound.connectPort | default "443" }}
- - --upbound-api-endpoint
- - {{ .Values.upbound.apiURL }}
- {{- if .Values.agent.config.debugMode }}
- - "--debug"
- {{- end }}
- {{- range $arg := .Values.agent.config.args }}
- - {{ $arg }}
- {{- end }}
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: CONTROL_PLANE_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ .Values.upbound.controlPlane.tokenSecretName }}
- key: token
- {{- range $key, $value := .Values.agent.config.envVars }}
- - name: {{ $key | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end}}
- imagePullPolicy: {{ .Values.agent.image.pullPolicy }}
- ports:
- - name: agent
- containerPort: 6443
- protocol: TCP
- resources:
- {{- toYaml .Values.agent.resources | nindent 14 }}
- readinessProbe:
- httpGet:
- scheme: HTTPS
- path: /readyz
- port: 6443
- initialDelaySeconds: 5
- timeoutSeconds: 5
- periodSeconds: 5
- failureThreshold: 3
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /livez
- port: 6443
- initialDelaySeconds: 10
- timeoutSeconds: 5
- periodSeconds: 30
- failureThreshold: 5
- volumeMounts:
- - mountPath: /etc/certs/upbound-agent
- name: certs
- readOnly: true
- volumes:
- - name: certs
- secret:
- defaultMode: 420
- secretName: upbound-agent-tls
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_helpers.tpl
deleted file mode 100644
index 4db04bfaa..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/_helpers.tpl
+++ /dev/null
@@ -1,22 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "agent-name" -}}
-{{- "upbound-agent" -}}
-{{- end -}}
-
-{{/*
-Labels - agent
-*/}}
-{{- define "labelsAgent" -}}
-{{ include "labels" . }}
-app.kubernetes.io/component: agent
-{{- end }}
-
-{{/*
-Selector labels - agent
-*/}}
-{{- define "selectorLabelsAgent" -}}
-{{ include "selectorLabels" . }}
-app.kubernetes.io/component: agent
-{{- end }}
-
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrole.yaml
deleted file mode 100644
index 9dc24441e..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrole.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "agent-name" . }}
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["namespaces"]
- resourceNames: ["kube-system"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "agent-name" . }}-impersonator
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["users"]
- verbs: ["impersonate"]
- resourceNames: ["upbound-cloud-impersonator"]
- - apiGroups: ["authentication.k8s.io"]
- resources: ["userextras/upbound-id"]
- verbs: ["impersonate"]
- - apiGroups: [""]
- resources: ["groups"]
- resourceNames:
- # system:authenticated is required for calls to discovery API. Some Kubernetes
- # clients like kubectl use it to figure out exactly which endpoints to call
- # for given arguments.
- - "system:authenticated"
- - "upbound:view"
-{{- if eq .Values.upbound.controlPlane.permission "edit" }}
- - "upbound:edit"
-{{- end }}
- verbs: ["impersonate"]
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings-managed.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings-managed.yaml
deleted file mode 100644
index 030baa268..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings-managed.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "crossplane.name" . }}-view
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "crossplane.name" . }}-view
-subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: upbound:view
-{{- if eq .Values.upbound.controlPlane.permission "edit" }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "crossplane.name" . }}-edit
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "crossplane.name" . }}-edit
-subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: upbound:edit
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings.yaml
deleted file mode 100644
index ec99faf43..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterrolebindings.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "agent-name" . }}
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "agent-name" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "agent-name" . }}
- namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "agent-name" . }}-impersonator
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "agent-name" . }}-impersonator
-subjects:
- - kind: ServiceAccount
- name: {{ template "agent-name" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterroles-managed.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterroles-managed.yaml
deleted file mode 100644
index 4e2637903..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/clusterroles-managed.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
-# There are more permissions in upstream aggregated ClusterRoles than we'd like
-# to have, so, we have our own ClusterRoles with only the permissions we need.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-view
- labels:
- rbac.crossplane.io/aggregate-to-view: "true"
- {{- include "labelsAgent" . | nindent 4 }}
-rules:
- # Universal Crossplane viewers have access to view events.
- - apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
- # Universal Crossplane viewers may see which namespaces exist.
- - apiGroups: [""]
- resources: [namespaces]
- verbs: [get, list, watch]
- # Universal Crossplane viewers may see CRDs installed in the cluster.
- - apiGroups: [apiextensions.k8s.io]
- resources: [customresourcedefinitions]
- verbs: [get, list, watch]
- # Universal Crossplane viewers have read-only access to built in Crossplane types.
- - apiGroups:
- - apiextensions.crossplane.io
- resources: ["*"]
- verbs: [get, list, watch]
- - apiGroups:
- - pkg.crossplane.io
- resources: [providers, configurations, providerrevisions, configurationrevisions]
- verbs: [get, list, watch]
-{{- if eq .Values.upbound.controlPlane.permission "edit" }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "crossplane.name" . }}:aggregate-to-edit
- labels:
- rbac.crossplane.io/aggregate-to-edit: "true"
- {{- include "labelsAgent" . | nindent 4 }}
-rules:
- # Universal Crossplane editors have access to view events.
- - apiGroups: [""]
- resources: [events]
- verbs: [get, list, watch]
- # Universal Crossplane editors may see which namespaces exist, but not edit them.
- - apiGroups: [""]
- resources: [namespaces]
- verbs: [get, list, watch]
- # Universal Crossplane editors may see CRDs installed in the cluster.
- - apiGroups: [apiextensions.k8s.io]
- resources: [customresourcedefinitions]
- verbs: [get, list, watch]
- # Universal Crossplane editors have full access to built in Crossplane types.
- - apiGroups:
- - apiextensions.crossplane.io
- resources: ["*"]
- verbs: ["*"]
- - apiGroups:
- - pkg.crossplane.io
- resources: [providers, configurations, providerrevisions, configurationrevisions]
- verbs: ["*"]
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/control-plane-token-secret.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/control-plane-token-secret.yaml
deleted file mode 100644
index 897846ae7..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/control-plane-token-secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.upbound.controlPlane.token }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.upbound.controlPlane.tokenSecretName }}
- labels:
- {{- include "labels" . | nindent 4 }}
-type: Opaque
-data:
- token: {{ .Values.upbound.controlPlane.token | b64enc | quote }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/role.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/role.yaml
deleted file mode 100644
index 960bc4d48..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/role.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
----
-# We need to be able to read universal-crossplane-config configmap in the namespace
-# where UXP is deployed to provide version/configuration information.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "agent-name" . }}-uxp-config
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["universal-crossplane-config"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "agent-name" . }}-uxp-config
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: upbound:view
-{{- if eq .Values.upbound.controlPlane.permission "edit" }}
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: upbound:edit
-{{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "agent-name" . }}-uxp-config
-{{- end }}
-{{- if eq .Values.upbound.controlPlane.permission "edit" }}
----
-# We need to be able to manage Secrets in the namespace where UXP is deployed
-# so that Secrets pointed by ProviderConfig objects can be created by the agent.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "agent-name" . }}-secret
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "agent-name" . }}-secret
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: upbound:edit
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "agent-name" . }}-secret
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/service.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/service.yaml
deleted file mode 100644
index 7e22879a3..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "agent-name" . }}
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-spec:
- selector:
- {{- include "selectorLabelsAgent" . | nindent 4 }}
- ports:
- - port: 6443
- targetPort: 6443
- protocol: TCP
- name: https
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/serviceaccount.yaml
deleted file mode 100644
index fe136d5c0..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "agent-name" . }}
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/tls-secret.yaml
deleted file mode 100644
index 19a5c9748..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/upbound-agent/tls-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: upbound-agent-tls
- labels:
- {{- include "labelsAgent" . | nindent 4 }}
-type: Opaque
-{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/templates/xgql/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/templates/xgql/_helpers.tpl
deleted file mode 100644
index bd1141516..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/xgql/_helpers.tpl
+++ /dev/null
@@ -1,22 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "xgql-name" -}}
-{{- "xgql" -}}
-{{- end -}}
-
-{{/*
-Labels - xgql
-*/}}
-{{- define "labelsXgql" -}}
-{{ include "labels" . }}
-app.kubernetes.io/component: xgql
-{{- end }}
-
-{{/*
-Selector labels - xgql
-*/}}
-{{- define "selectorLabelsXgql" -}}
-{{ include "selectorLabels" . }}
-app.kubernetes.io/component: xgql
-{{- end }}
-
diff --git a/charts/universal-crossplane/universal-crossplane/templates/xgql/deployment.yaml b/charts/universal-crossplane/universal-crossplane/templates/xgql/deployment.yaml
deleted file mode 100644
index 66f3694cc..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/xgql/deployment.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "xgql-name" . }}
- labels:
- {{- include "labelsXgql" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- {{- include "selectorLabelsXgql" . | nindent 6 }}
- template:
- metadata:
- labels:
- {{- include "selectorLabelsXgql" . | nindent 8 }}
- spec:
- serviceAccountName: {{ template "xgql-name" . }}
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- range $index, $secret := .Values.imagePullSecrets }}
- - name: {{ $secret }}
- {{- end }}
- {{ end }}
- containers:
- - name: xgql
- image: "{{ .Values.xgql.image.repository }}:{{ .Values.xgql.image.tag }}"
- imagePullPolicy: {{ .Values.xgql.image.pullPolicy }}
- resources:
- {{- toYaml .Values.xgql.resources | nindent 12 }}
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- {{- if .Values.xgql.metrics.enabled }}
- - name: metrics
- containerPort: 8080
- {{- end }}
- args:
- - --tls-key=/etc/certs/xgql/tls.key
- - --tls-cert=/etc/certs/xgql/tls.crt
- {{- if .Values.xgql.config.debugMode }}
- - "--debug"
- {{- end }}
- {{- range $arg := .Values.xgql.config.args }}
- - {{ $arg }}
- {{- end }}
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- range $key, $value := .Values.xgql.config.envVars }}
- - name: {{ $key | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end}}
- volumeMounts:
- - mountPath: /etc/certs/xgql
- name: certs
- readOnly: true
- volumes:
- - name: certs
- secret:
- defaultMode: 420
- secretName: xgql-tls
diff --git a/charts/universal-crossplane/universal-crossplane/templates/xgql/service.yaml b/charts/universal-crossplane/universal-crossplane/templates/xgql/service.yaml
deleted file mode 100644
index 80f822d3c..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/xgql/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "xgql-name" . }}
- labels:
- {{- include "labelsXgql" . | nindent 4 }}
-spec:
- selector:
- {{- include "selectorLabelsXgql" . | nindent 4 }}
- ports:
- - port: 443
- targetPort: https
- protocol: TCP
- name: https
diff --git a/charts/universal-crossplane/universal-crossplane/templates/xgql/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/templates/xgql/serviceaccount.yaml
deleted file mode 100644
index 88e8bbdb7..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/xgql/serviceaccount.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "xgql-name" . }}
- labels:
- {{- include "labelsXgql" . | nindent 4 }}
diff --git a/charts/universal-crossplane/universal-crossplane/templates/xgql/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/templates/xgql/tls-secret.yaml
deleted file mode 100644
index 4b06ca735..000000000
--- a/charts/universal-crossplane/universal-crossplane/templates/xgql/tls-secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: xgql-tls
- labels:
- {{- include "labelsXgql" . | nindent 4 }}
-type: Opaque
diff --git a/charts/universal-crossplane/universal-crossplane/values.yaml b/charts/universal-crossplane/universal-crossplane/values.yaml
deleted file mode 100644
index 799fafae1..000000000
--- a/charts/universal-crossplane/universal-crossplane/values.yaml
+++ /dev/null
@@ -1,196 +0,0 @@ -nameOverride: "crossplane" - -replicas: 1 - -deploymentStrategy: RollingUpdate - -image: - repository: upbound/crossplane - tag: v1.6.1-up.1 - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: {} -affinity: {} - -# -- Custom labels to add into metadata -customLabels: {} - -# -- Custom Annotations to add to crossplane serviceaccount -serviceAccount: - customAnnotations: {} - -leaderElection: true -args: {} - -provider: - packages: [] - -configuration: - packages: [] - -imagePullSecrets: - - dockerhub - -registryCaBundleConfig: {} - -rbacManager: - deploy: true - skipAggregatedClusterRoles: true - replicas: 1 - managementPolicy: Basic - leaderElection: true - args: {} - nodeSelector: {} - tolerations: {} - affinity: {} - -priorityClassName: "" - -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -packageCache: - medium: "" - sizeLimit: 5Mi - pvc: "" - -registryCaBundleConfig: {} - -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -metrics: - enabled: false - -# List of extra environment variables to set in the crossplane deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key: value1 -# ANOTHER.KEY: value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsCrossplane: {} - -# List of extra environment variables to set in the crossplane rbac manager deployment. 
-# EXAMPLE -# extraEnvironmentVars: -# sample.key: value1 -# ANOTHER.KEY: value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsRBACManager: {} - -podSecurityContextCrossplane: {} - -podSecurityContextRBACManager: {} - -### Agent Values - -upbound: - apiURL: "https://api.upbound.io" - connectHost: "connect.upbound.io" - controlPlane: - permission: edit - tokenSecretName: upbound-control-plane-token - token: "" - -xgql: - image: - repository: upbound/xgql - tag: v0.1.5 - pullPolicy: IfNotPresent - resources: {} - metrics: - enabled: false - config: - debugMode: false - args: [] - envVars: {} - # List of extra environment variables to set in the xgql deployment. - # EXAMPLE - # envVars: - # sample.key: value1 - # ANOTHER.KEY: value2 - # RESULT - # - name: sample_key - # value: "value1" - # - name: ANOTHER_KEY - # value: "value2" - -agent: - image: - repository: upbound/upbound-agent - tag: v1.6.1-up.1 - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - envVars: {} - # List of extra environment variables to set in the agent deployment. - # EXAMPLE - # envVars: - # sample.key: value1 - # ANOTHER.KEY: value2 - # RESULT - # - name: sample_key - # value: "value1" - # - name: ANOTHER_KEY - # value: "value2" - -### Bootstrapper Values - -bootstrapper: - image: - repository: upbound/uxp-bootstrapper - tag: v1.6.1-up.1 - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - envVars: {} - # List of extra environment variables to set in the bootstrapper deployment. - # EXAMPLE - # envVars: - # sample.key: value1 - # ANOTHER.KEY: value2 - # RESULT - # - name: sample_key - # value: "value1" - # - name: ANOTHER_KEY - # value: "value2" - -billing: - awsMarketplace: - enabled: false - iamRoleARN: arn:aws:iam:::role/ 
diff --git a/charts/universal-crossplane/universal-crossplane/values.yaml.tmpl b/charts/universal-crossplane/universal-crossplane/values.yaml.tmpl
deleted file mode 100644
index 5a6bdaea3..000000000
--- a/charts/universal-crossplane/universal-crossplane/values.yaml.tmpl
+++ /dev/null
@@ -1,196 +0,0 @@ -nameOverride: "crossplane" - -replicas: 1 - -deploymentStrategy: RollingUpdate - -image: - repository: upbound/crossplane - tag: %%CROSSPLANE_TAG%% - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: {} -affinity: {} - -# -- Custom labels to add into metadata -customLabels: {} - -# -- Custom Annotations to add to crossplane serviceaccount -serviceAccount: - customAnnotations: {} - -leaderElection: true -args: {} - -provider: - packages: [] - -configuration: - packages: [] - -imagePullSecrets: - - dockerhub - -registryCaBundleConfig: {} - -rbacManager: - deploy: true - skipAggregatedClusterRoles: true - replicas: 1 - managementPolicy: Basic - leaderElection: true - args: {} - nodeSelector: {} - tolerations: {} - affinity: {} - -priorityClassName: "" - -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -packageCache: - medium: "" - sizeLimit: 5Mi - pvc: "" - -registryCaBundleConfig: {} - -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -metrics: - enabled: false - -# List of extra environment variables to set in the crossplane deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key: value1 -# ANOTHER.KEY: value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsCrossplane: {} - -# List of extra environment variables to set in the crossplane rbac manager deployment. 
-# EXAMPLE -# extraEnvironmentVars: -# sample.key: value1 -# ANOTHER.KEY: value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsRBACManager: {} - -podSecurityContextCrossplane: {} - -podSecurityContextRBACManager: {} - -### Agent Values - -upbound: - apiURL: "https://api.upbound.io" - connectHost: "connect.upbound.io" - controlPlane: - permission: edit - tokenSecretName: upbound-control-plane-token - token: "" - -xgql: - image: - repository: upbound/xgql - tag: %%XGQL_TAG%% - pullPolicy: IfNotPresent - resources: {} - metrics: - enabled: false - config: - debugMode: false - args: [] - envVars: {} - # List of extra environment variables to set in the xgql deployment. - # EXAMPLE - # envVars: - # sample.key: value1 - # ANOTHER.KEY: value2 - # RESULT - # - name: sample_key - # value: "value1" - # - name: ANOTHER_KEY - # value: "value2" - -agent: - image: - repository: upbound/upbound-agent - tag: %%AGENT_TAG%% - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - envVars: {} - # List of extra environment variables to set in the agent deployment. - # EXAMPLE - # envVars: - # sample.key: value1 - # ANOTHER.KEY: value2 - # RESULT - # - name: sample_key - # value: "value1" - # - name: ANOTHER_KEY - # value: "value2" - -### Bootstrapper Values - -bootstrapper: - image: - repository: upbound/uxp-bootstrapper - tag: %%BOOTSTRAPPER_TAG%% - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - envVars: {} - # List of extra environment variables to set in the bootstrapper deployment. - # EXAMPLE - # envVars: - # sample.key: value1 - # ANOTHER.KEY: value2 - # RESULT - # - name: sample_key - # value: "value1" - # - name: ANOTHER_KEY - # value: "value2" - -billing: - awsMarketplace: - enabled: false - iamRoleARN: arn:aws:iam:::role/ diff --git a/index.yaml b/index.yaml index e2425bbb3..2e362dbdc 100644 --- a/index.yaml +++ b/index.yaml 
@@ -20805,53 +20805,6 @@ entries: urls: - assets/datadog/datadog-operator-0.8.8.tgz version: 0.8.8 - dkube-deployer: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Dkube - catalog.cattle.io/release-name: dkube - apiVersion: v2 - appVersion: 3.2.0.1 - created: "2022-07-07T11:59:10.38345804+05:30" - description: A Kubernetes-based MLOps platform based on open standards Kubeflow - and MLflow - digest: 97ebdc02ae42e565a2851bd2c789adba06be8950560184bdf4662e62a117f86d - home: https://dkube.io - icon: https://www.dkube.io/img/logo_new.png - keywords: - - kubernetes - - MLOps - - Kubeflow - - AI - kubeVersion: "1.20" - name: dkube-deployer - type: application - urls: - - assets/dkube/dkube-deployer-1.0.602.tgz - version: 1.0.602 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Dkube - catalog.cattle.io/release-name: dkube - apiVersion: v2 - appVersion: 3.2.0.1 - created: "2022-05-04T16:37:14.95132553+05:30" - description: A Kubernetes-based MLOps platform based on open standards Kubeflow - and MLflow - digest: a3c0c5ad1abab6fa143abced6fb9a3dc100844327b2e4a881f46c10e89900a75 - home: https://dkube.io - icon: https://www.dkube.io/img/logo_new.png - keywords: - - kubernetes - - MLOps - - Kubeflow - - AI - kubeVersion: "1.20" - name: dkube-deployer - type: application - urls: - - assets/dkube/dkube-deployer-1.0.601.tgz - version: 1.0.601 dxemssql: - annotations: catalog.cattle.io/certified: partner 
@@ -27305,38 +27258,6 @@ entries: urls: - assets/intel/intel-device-plugins-sgx-0.26.0.tgz version: 0.26.0 - istiod-tid: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Tetrate Istio Distro - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/release-name: istiod-tid - catalog.cattle.io/upstream-version: 1.12.6 - apiVersion: v1 - appVersion: 1.12.6 - created: "2022-06-21T13:20:33.6441403-07:00" - description: Tetrate Istio Distro Istiod is simple, safe enterprise-grade Service - Mesh. - digest: 433be99d0e0455ce7cf654f7df499397d0b268cca2a9d610599efeb20c535f6c - home: https://istio.tetratelabs.io - icon: https://istio.tetratelabs.io/images/getistio-favicon.png - keywords: - - istio - - istiod - - istio-discovery - - tid - - tetrate - - distribution - - networking - - infrastructure - kubeVersion: '>= 1.19.0-0 < 1.23.0-0' - maintainers: - - email: tetrate@tetrate.io - name: tetrate - name: istiod-tid - urls: - - assets/tetrate-istio/istiod-tid-1.12.600.tgz - version: 1.12.600 jaeger-operator: - annotations: catalog.cattle.io/certified: partner 
@@ -65043,408 +64964,6 @@ entries: urls: - assets/triggermesh/triggermesh-0.3.401.tgz version: 0.3.401 - universal-crossplane: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.6.1001 - created: "2022-01-21T10:36:14.32691+03:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. - digest: 929e21d9c33212579eb5e1b5624e4ed7b1f9ed9bfcd27b19af8330a2b0b02802 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.6.100101.tgz - version: 1.6.100101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.5.2001 - created: "2022-02-27T17:35:12.770237478-05:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. 
- digest: 850f09a2729b4afe887c61a1005ecc73012817cc264c168b413029f77fd32ed7 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.5.200101.tgz - version: 1.5.200101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.5.1001 - created: "2021-12-10T03:25:19.626207+03:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. - digest: b9be69633e4ba615cf557dadbdbce97961ffe0d238d4cdf937d0244ae008013d - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. 
- name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.5.100101.tgz - version: 1.5.100101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.4.4001 - created: "2022-02-27T17:31:03.077775885-05:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. - digest: 8449146ae4326b72379451982afaa806a0342748bd9e097d128ebd1477e9e454 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.4.400101.tgz - version: 1.4.400101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.4.3001 - created: "2021-12-09T08:45:29.476849+03:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. 
- digest: 940ffad0fb56515de69f021e094530808b62af714c071c894a505ce6d27ed31a - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.4.300101.tgz - version: 1.4.300101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.3.3001 - created: "2021-11-30T15:24:49.873684+03:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. - digest: fc71970731fa83222058b53b9f345558ec97f410e9ab965f761be24188560a85 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. 
- name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.3.300101.tgz - version: 1.3.300101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.3.1001 - created: "2021-09-20T22:19:39.177904+03:00" - description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade - distribution of Crossplane. - digest: 22f06bca40a4717fdb62c3f7a76716ec525d96d68651f48cecad6441f99bb4da - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.3.100101.tgz - version: 1.3.100101 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.2.3002 - created: "2021-08-22T23:25:13.440694+03:00" - description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade - distribution of Crossplane. It''s fully compatible with upstream Crossplane, - open source, capable of connecting to Upbound Cloud for real-time dashboard - visibility, and maintained by Upbound. It''s the easiest way for both individual - community members and enterprises to build their production control planes. 
' - digest: ff073b35aa28d9ead9470c4c559cf30e42ec118a8194ade18077421c31f24153 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - kubeVersion: '>= 1.15' - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.2.300200.tgz - version: 1.2.300200 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.2.2001 - created: "2021-06-23T17:44:55.491386-07:00" - description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade - distribution of Crossplane. It''s fully compatible with upstream Crossplane, - open source, capable of connecting to Upbound Cloud for real-time dashboard - visibility, and maintained by Upbound. It''s the easiest way for both individual - community members and enterprises to build their production control planes. ' - digest: 3c1dfa0f7f6181ab4101f23c41aadddb330484a1d6f48efcbbd523c6cf92eec9 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - maintainers: - - email: info@upbound.io - name: Upbound Inc. 
- name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.2.200100.tgz - version: 1.2.200100 vals-operator: - annotations: catalog.cattle.io/certified: partner diff --git a/packages/dkube/generated-changes/overlay/app-readme.md b/packages/dkube/generated-changes/overlay/app-readme.md deleted file mode 100644 index 8347175e6..000000000 --- a/packages/dkube/generated-changes/overlay/app-readme.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Dkube - -[DKube](https://dkube.io/) is an MLOps product based on best of Kubeflow and MLFlow. It is optimized for implementation on-prem or in the cloud. You get the flexibility and innovation of open source ref architectures like Kubeflow and MLFlow as a supported product. - -With DKube you can prepare your data including feature engineering, train AI models, optimize, tune and publish AI models and be able to deploy/serve those models. Kubeflow pipelines, KF Serving, MLFlow experiment tracking and comparison are all provided while allowing you to track the model and data versioning for reproducibility, audits and governance. - -## Installation - -### Requirements -The following is the minimum configuration required to deploy DKube on a Rancher cluster -- The minimal configuration for each of the worker nodes is as follows: - - 16 cores - - 64 GB RAM - - 300 GB storage for Root Volume -- The worker nodes could be brought up with any of the following OS distributions - - Ubuntu 20.04 - - CentOS / RHEL 7.9 - - Amazon Linux 2 for installations on AWS -- Storage - - The recommended storage option for DKube meta-data and user ML resources is an external NFS server with a min of 1TB storage available. - - For evaluation purposes, one of the worker nodes can be configured as the storage option. In this case the recommended size of storage on the worker node is 1 TB and a minimum size of 400 GB. -- Dkube requires a Kubernetes version of 1.20. -- Dkube images registry details are required for installation. Please send a mail to support@dkube.io for the details. -- The following sections in the installation guide needs to be followed to prepare Rancher cluster for Dkube installation. 
- - [Getting the Dkube Files](https://dkube.io/install/install3_x/Install-Getting-Started.html#getting-the-dkube-files) - - [Setting up the Rancher Cluster](https://dkube.io/install/install3_x/Install-Rancher.html#setting-up-the-rancher-cluster) - - [Preparing the Rancher Cluster](https://dkube.io/install/install3_x/Install-Rancher.html#preparing-the-rancher-cluster). - - [Node Setup](https://dkube.io/install/install3_x/Install-Rancher.html#node-setup). This is optional for a non-GPU cluster. - -For more information on installation, refer to the [Dkube Installation Guide](https://dkube.io/install/install3_x/Install-Advanced.html). diff --git a/packages/dkube/generated-changes/overlay/questions.yaml b/packages/dkube/generated-changes/overlay/questions.yaml deleted file mode 100644 index 1e0a86ce1..000000000 --- a/packages/dkube/generated-changes/overlay/questions.yaml +++ /dev/null 
@@ -1,326 +0,0 @@
-questions:
-- variable: EULA
- description: "The Dkube EULA is available at www.oneconvergence.com/EULA/One-Convergence-EULA.pdf . By accepting this license agreement you acknowledge that you have read and understood the terms and conditions mentioned. Please refer to Basic Configuration section of the installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#basic-configuration"
- type: enum
- label: DKUBE-EULA
- required: true
- group: "General"
- options:
- - "yes"
-- variable: username
- default: ""
- description: "Dkube operator's local sigh-in username: Username cannot be same as that of a namespace's name. Also, following names are restricted - dkube, dkube-infra, kubeflow, istio-system, knative-serving, harbor-system. Please refer to Basic Configuration section of the installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#basic-configuration"
- type: string
- label: Username
- required: true
- group: "General"
- show_if: "EULA=yes"
-- variable: password
- default: ""
- description: "Dkube operator's local sigh-in password"
- type: password
- label: Password
- required: true
- group: "General"
- show_if: "EULA=yes"
-- variable: version
- default: "3.2.0.1"
- description: "Version of dkube to be installed"
- type: string
- label: Dkube version
- required: true
- group: "General"
- show_if: "EULA=yes"
-- variable: provider
- default: "dkube"
- description: "Kubernetes provider: Choose one of dkube/gke/okd/eks/ntnx/tanzu"
- type: enum
- label: Kube Provider
- required: true
- options:
- - "dkube"
- - "gke"
- - "okd"
- - "eks"
- - "ntnx"
- - "tanzu"
- group: "General"
- show_if: "EULA=yes"
-- variable: ha
- default: "false"
- description: "When HA=true k8s cluster must have min 3 schedulable nodes. Please refer to resilient operation section of the installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#resilient-operation"
- type: boolean
- label: HA
- required: true
- group: "General"
- show_if: "EULA=yes"
-- variable: wipedata
- default: yes
- description: "Wipe dkube data during helm operation install/uninstall. Choose one of yes/no"
- type: enum
- label: Wipe Data
- required: true
- options:
- - "yes"
- - "no"
- group: "General"
- show_if: "EULA=yes"
-- variable: minimal
- default: no
- description: "To install minimal version of dkube. Choose one of yes/no"
- type: enum
- label: Minimal
- required: true
- options:
- - "yes"
- - "no"
- group: "General"
- show_if: "EULA=yes"
-- variable: airgap
- default: no
- description: "To install air-gapped version of dkube. Choose one of yes/no"
- type: enum
- label: Airgap
- required: true
- options:
- - "yes"
- - "no"
- group: "General"
- show_if: "EULA=yes"
-# registry
-- variable: registry.name
- default: "docker.io/ocdr"
- description: "Repository from where Dkube images can be picked. Format: registry/[repo]. Please contact support@dkube.io for Dkube registry details"
- type: string
- label: Dkube images registry
- required: true
- group: "Registry"
- show_if: "EULA=yes"
-- variable: registry.username
- default: ""
- description: "Container registry username"
- type: string
- label: Dkube images registry username
- required: true
- group: "Registry"
- show_if: "EULA=yes"
-- variable: registry.password
- default: ""
- description: "Container registry password"
- type: password
- label: Dkube images registry password
- required: true
- group: "Registry"
- show_if: "EULA=yes"
-# STORAGE
-- variable: optional.storage.type
- default: "disk"
- description: "Type of storage. Note: ceph storage type can only be use with HA=true And pv or sc can only be used with HA=false. Please refer to Storage options section of installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#storage-options"
- type: enum
- label: Dkube storage type
- options:
- - "disk"
- - "nfs"
- - "ceph"
- - "pv"
- - "sc"
- group: "Storage"
- show_if: "EULA=yes"
- subquestions:
- - variable: optional.storage.path
- default: "/var/dkube"
- description: "Localpath on the storage node"
- type: string
- label: Dkube storage disk path
- show_if: "optional.storage.type=disk"
- - variable: optional.storage.node
- default: ""
- description: "Node name for dkube storage. Provide hostname of the master node if Kube provider is dkube"
- type: string
- label: Dkube storage disk node
- show_if: "optional.storage.type=disk"
- - variable: optional.storage.persistentVolume
- default: ""
- description: "Name of persistent volume to be used for storage"
- type: string
- label: Storage PV
- show_if: "ha=false&&optional.storage.type=pv"
- - variable: optional.storage.storageClass
- default: ""
- description: "Name of storage class to be used for storage. Make sure dynamic provisioner is running for the storage class name"
- type: string
- label: Storage class
- show_if: "ha=false&&optional.storage.type=sc"
- - variable: optional.storage.nfsServer
- default: ""
- description: "NFS server ip to be used for storage"
- type: string
- label: NFS Server
- show_if: "optional.storage.type=nfs"
- - variable: optional.storage.nfsPath
- default: ""
- description: "NFS path (Make sure the path exists)"
- type: string
- label: NFS path
- show_if: "optional.storage.type=nfs"
- - variable: optional.storage.cephMonitors
- default: ""
- description: "Comma separated IPs of ceph monitors"
- type: string
- label: Ceph monitors
- show_if: "optional.storage.type=ceph"
- - variable: optional.storage.cephSecret
- default: ""
- description: "Ceph secret"
- type: string
- label: Ceph Secret
- show_if: "optional.storage.type=ceph"
- - variable: optional.storage.cephFilesystem
- default: ""
- description: "Ceph Filesystem"
- type: string
- label: Ceph Filesystem
- show_if: "optional.storage.type=ceph"
- - variable: optional.storage.cephNamespace
- default: ""
- description: "Ceph Namespace"
- type: string
- label: Ceph Namespace
- show_if: "optional.storage.type=ceph"
- - variable: optional.storage.cephPath
- default: "/var/lib/rook"
- description: "Ceph data and configuration path for internal ceph. Internal ceph is installed when HA=true and Storage type is not equal to nfs or ceph"
- type: string
- label: Ceph storage path
- #show_if: "ha=true&&optional.storage.type!=ceph&&optional.storage.type!=nfs"
- show_if: "ha=true"
- - variable: optional.storage.cephDisk
- default: ""
- description: "Only for internal ceph from release 2.2.1.12. Disk name for internal ceph storage. It should be a raw formatted disk. E.g: sdb"
- type: string
- label: Ceph Storage Disk
- #show_if: "ha=true&&optional.storage.type!=ceph&&optional.storage.type!=nfs"
- show_if: "ha=true"
-# Loadbalancer
-- variable: optional.loadbalancer.access
- default: "nodeport"
- description: "Type of dkube proxy service, possible values are nodeport and loadbalancer; Please use loadbalancer if kubeProvider is gke."
- type: enum
- label: Dkube access type
- group: "Loadbalancer"
- #show_if: "EULA=yes&&ha=true"
- #show_if: "EULA=yes&&ha=true&&optional.storage.type!=ceph&&optional.storage.type!=nfs"
- #show_if: "ha=true&&optional.storage.type=ceph"
- options:
- - "loadbalancer"
- - "nodeport"
- show_subquestion_if: loadbalancer
- show_if: "EULA=yes"
- subquestions:
- - variable: optional.loadbalancer.metallb
- default: false
- description: "Set true to install MetalLB Loadbalancer. Please refer to Load Balancer options section of installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#load-balancer-options"
- type: string
- label: MetalLB Loadbalancer
- - variable: optional.loadbalancer.vipPool
- default: ""
- description: "Valid only if installLoadbalancer is true; Only CIDR notation is allowed. E.g: 192.168.2.0/24"
- type: string
- label: Loadbalancer VipPool
- show_if: "EULA=yes"
-# Modelmonitor
-- variable: optional.modelmonitor.enabled
- default: "false"
- description: "To enable modelmonitor in dkube. (true / false). Please refer to Model Monitor section of installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#model-monitor"
- type: boolean
- label: Enable Modelmonitor
- group: "General"
- show_if: "EULA=yes"
-# DBAAS
-- variable: optional.DBAAS.database
- default: ""
- description: "To configure external database for dkube. Supported mysql, sqlserver(mssql). Empty will pickup default sql db installed with dkube. Please refer to section External Database of installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#external-database"
- type: string
- label: database
- group: "DBAAS"
- show_if: "EULA=yes"
-- variable: optional.DBAAS.dsn
- default: ""
- description: "Syntaxes here can be followed to specify dsn https://gorm.io/docs/connecting_to_the_database.html"
- type: string
- label: dsn
- group: "DBAAS"
- show_if: "EULA=yes"
-# CICD
-- variable: optional.CICD.enabled
- default: "false"
- description: "To enable tekton cicd with dkube. (true / false). Please refer to CICD section of installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#ci-cd"
- type: boolean
- label: CICD Enabled
- group: "CICD"
- show_if: "EULA=yes"
- show_subquestion_if: true
- subquestions:
- - variable: optional.CICD.registryName
- default: false
- description: "Docker registry where CICD built images will be saved"
- type: string
- label: Docker registry name
- - variable: optional.CICD.registryUsername
- default: false
- description: "Docker registry Username"
- type: string
- label: Docker registry Username
- - variable: optional.CICD.registryPassword
- default: false
- description: "Docker registry password"
- type: string
- label: Docker registry Password
- - variable: optional.CICD.IAMRole
- default: false
- description: "For AWS ECR on EKS K8S cluster, enter registry as aws_account_id.dkr.ecr.region.amazonaws.com. registryName: 'aws_account_id.dkr.ecr.region.amazonaws.com' Worker nodes should either have AmazonEC2ContainerRegistryFullAccess or if you are using KIAM based IAM control, provide an IAM role which has AmazonEC2ContainerRegistryFullAccess; IAMRole: 'arn:aws:iam:::role/'"
- type: string
- label: IAMRole
-# Node Affinity
-- variable: optional.nodeAffinity.dkubeNodesLabel
- default: ""
- description: "Nodes identified by labels on which the dkube pods must be scheduled.. Say management nodes. Unfilled means no binding. When filled there needs to be minimum of 3nodes in case of HA and one node in case of non-HA. Example: DKUBE_NODES_LABEL: key1=value1. Please refer to section Node Affinity of installation guide. https://dkube.io/install/install3_x/Install-Advanced.html#node-affinity"
- type: string
- label: DKUBE_NODES_LABEL
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.nodeAffinity.dkubeNodesTaints
- default: ""
- description: "Nodes to be tolerated by dkube control plane pods so that only they can be scheduled on the nodes. Example: DKUBE_NODES_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule"
- type: string
- label: DKUBE_NODES_TAINTS
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.nodeAffinity.gpuWorkloadTaints
- default: ""
- description: "Taints of the nodes where gpu workloads must be scheduled. Example: GPU_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule"
- type: string
- label: GPU_WORKLOADS_TAINTS
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.nodeAffinity.productionWorkloadTaints
- default: ""
- description: "Taints of the nodes where production workloads must be scheduled. Example: PRODUCTION_WORKLOADS_TAINTS: key1=value1:NoSchedule,key2=value2:NoSchedule"
- type: string
- label: PRODUCTION_WORKLOADS_TAINTS
- group: "NodeAffinity"
- show_if: "EULA=yes"
-- variable: optional.dkubeDockerhubCredentialsSecret
- default: ""
- description: "Dockerhub Secrets for OCDR images. If you don't create, this will be auto-created with default values."
- type: string
- label: DKUBE DOCKERHUB CREDENTIALS SECRET
- group: "General"
- show_if: "EULA=yes"
-- variable: optional.IAMRole
- default: ""
- description: "AWS IAM role. Valid only if KUBE_PROVIDER=eks. This will be set as an annotation in few deployments. Format should be like: IAMRole: ': ' eg: IAMRole: 'iam.amazonaws.com/role: arn:aws:iam::123456789012:role/myrole'"
- type: string
- label: IAMRole
- group: "General"
- show_if: "EULA=yes&&provider=eks"
diff --git a/packages/dkube/generated-changes/patch/Chart.yaml.patch b/packages/dkube/generated-changes/patch/Chart.yaml.patch
deleted file mode 100644
index 2cdec01f7..000000000
--- a/packages/dkube/generated-changes/patch/Chart.yaml.patch
+++ /dev/null
@@ -1,40 +0,0 @@
---- charts-original/Chart.yaml
-+++ charts/Chart.yaml
-@@ -1,22 +1,22 @@
- apiVersion: v2
- name: dkube-deployer
--description: A Helm chart for Dkube product installation on kubernetes platform
--
--# A chart can be either an 'application' or a 'library' chart.
--#
--# Application charts are a collection of templates that can be packaged into versioned archives
--# to be deployed.
--#
--# Library charts provide useful utilities or functions for the chart developer. They're included as
--# a dependency of application charts to inject those utilities and functions into the rendering
--# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-+description: A Kubernetes-based MLOps platform based on open standards Kubeflow and MLflow
-+home: https://dkube.io
-+icon: https://www.dkube.io/img/logo_new.png
-+keywords:
-+- kubernetes
-+- MLOps
-+- Kubeflow
-+- AI
- type: application
--
- # This is the chart version. This version number should be incremented each time you make changes
- # to the chart and its templates, including the app version.
- # Versions are expected to follow Semantic Versioning (https://semver.org/)
- version: 1.0.6
--# This is the version number of the application being deployed. This version number should be
--# incremented each time you make changes to the application. Versions are not expected to
--# follow Semantic Versioning. They should reflect the version the application is using.
--appVersion:
-+# Application version
-+appVersion: "3.2.0.1"
-+annotations:
-+ catalog.cattle.io/certified: partner # Enables the "partner" badge in the UI for easier identification
-+ catalog.cattle.io/release-name: dkube # Your chart's name in kebab-case, this is used for deployment
-+ catalog.cattle.io/display-name: Dkube # The chart's name you want displayed in the UI
-+kubeVersion: "1.20"
diff --git a/packages/dkube/generated-changes/patch/values.schema.json.patch b/packages/dkube/generated-changes/patch/values.schema.json.patch
deleted file mode 100644
index e1e929c05..000000000
--- a/packages/dkube/generated-changes/patch/values.schema.json.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- charts-original/values.schema.json
-+++ charts/values.schema.json
-@@ -36,8 +36,7 @@
- },
- "ha":{
- "$id":"#/properties/ha",
-- "type":"string",
-- "enum": ["true", "false"]
-+ "type":"boolean"
- },
- "wipedata":{
- "$id":"#/properties/wipedata",
diff --git a/packages/dkube/generated-changes/patch/values.yaml.patch b/packages/dkube/generated-changes/patch/values.yaml.patch
deleted file mode 100644
index 65e40816f..000000000
--- a/packages/dkube/generated-changes/patch/values.yaml.patch
+++ /dev/null
@@ -1,45 +0,0 @@
---- charts-original/values.yaml
-+++ charts/values.yaml
-@@ -10,13 +10,13 @@
- password: ""
-
- # dkube version
--version: ""
-+version: "3.2.0.1"
-
- # Choose one of dkube/gke/okd/eks/ntnx/tanzu kube provider
- provider: "dkube"
-
- # For ha deployment, k8s cluster must have min 3 schedulable nodes
--ha: "false"
-+ha: false
-
- # Wipe dkube data during helm operation install/uninstall.
- # Choose one of yes/no
-@@ -64,7 +64,7 @@
- # Nodename of the storage node
- # Possible values: AUTO/
- # AUTO - Master node will be chosen for storage if KUBE_PROVIDER=dkube
-- node: "AUTO"
-+ node: ""
-
- # Name of persistent volume
- persistentVolume: ""
-@@ -124,7 +124,7 @@
-
- modelmonitor:
- #To enable modelmonitor in dkube. (true / false)
-- enabled: "false"
-+ enabled: false
-
- DBAAS:
- # To configure external database for dkube
-@@ -137,7 +137,7 @@
-
- CICD:
- #To enable tekton cicd with dkube. (true / false)
-- enabled: "false"
-+ enabled: false
-
- #Docker registry where CICD built images will be saved.
- registryName: "docker.io/ocdr"
diff --git a/packages/dkube/package.yaml b/packages/dkube/package.yaml
deleted file mode 100644
index 1b8973d55..000000000
--- a/packages/dkube/package.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-url: https://github.com/oneconvergence/dkube-helm.git
-subdirectory: charts/dkube-deployer
-commit: c976fb90b82b5fd86dc6b4429e8fd7a4530c4415
-packageVersion: 2
-
diff --git a/packages/tetrate-istio/generated-changes/exclude/README.md b/packages/tetrate-istio/generated-changes/exclude/README.md
deleted file mode 100644
index 9d4d07a42..000000000
--- a/packages/tetrate-istio/generated-changes/exclude/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# Istiod Helm Chart
-
-This chart installs an Istiod deployment.
-
-## Setup Repo Info
-
-```console
-helm repo add istio https://istio-release.storage.googleapis.com/charts
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Installing the Chart
-
-Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart).
-
-To install the chart with the release name `istiod`:
-
-```console
-kubectl create namespace istio-system
-helm install istiod istio/istiod --namespace istio-system
-```
-
-## Uninstalling the Chart
-
-To uninstall/delete the `istiod` deployment:
-
-```console
-helm delete istiod --namespace istio-system
-```
-
-## Configuration
-
-To view support configuration options and documentation, run:
-
-```console
-helm show values istio/istiod
-```
-
-### Examples
-
-#### Configuring mesh configuration settings
-
-Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below:
-
-```yaml
-meshConfig:
- accessLogFile: /dev/stdout
-```
-
-#### Revisions
-
-Control plane revisions allow deploying multiple versions of the control plane in the same cluster.
-This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/)
-
-```yaml
-revision: my-revision-name
-```
diff --git a/packages/tetrate-istio/generated-changes/overlay/app-readme.md b/packages/tetrate-istio/generated-changes/overlay/app-readme.md
deleted file mode 100644
index a55a2b851..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/app-readme.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# Tetrate Istio Distro Istiod module
-
-[Tetrate Istio Distro](https://istio.tetratelabs.io/) is simple, safe enterprise-grade Istio distro.
-
-## Installing the Chart
-
-Istio-base is being installed as part of this Chart, no need to separately deploy CRDs as they are installed in the cluster in the form of dependancy.
-
-Please specify the correct version during next step. The full list is available at: https://istio.tetratelabs.io/download
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/Chart.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/Chart.yaml
deleted file mode 100644
index 837175dbd..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/Chart.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-appVersion: 1.12.6
-description: Helm chart for deploying Istio cluster resources and CRDs
-icon: https://istio.io/latest/favicons/android-192x192.png
-keywords:
-- istio
-name: tid-base
-version: 1.12.6
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-all.gen.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-all.gen.yaml
deleted file mode 100644
index c2999ea16..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-all.gen.yaml
+++ /dev/null
@@ -1,5941 +0,0 @@ -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: wasmplugins.extensions.istio.io -spec: - group: extensions.istio.io - names: - categories: - - istio-io - - extensions-istio-io - kind: WasmPlugin - listKind: WasmPluginList - plural: wasmplugins - singular: wasmplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Extend the functionality provided by the Istio proxy through - WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' - properties: - imagePullPolicy: - description: The pull behaviour to be applied when fetching an OCI - image. - enum: - - UNSPECIFIED_POLICY - - IfNotPresent - - Always - type: string - imagePullSecret: - description: Credentials to use for OCI image pulling. - type: string - phase: - description: Determines where in the filter chain this `WasmPlugin` - is to be injected. - enum: - - UNSPECIFIED_PHASE - - AUTHN - - AUTHZ - - STATS - type: string - pluginConfig: - description: The configuration that will be passed on to the plugin. 
- type: object - x-kubernetes-preserve-unknown-fields: true - pluginName: - type: string - priority: - description: Determines ordering of `WasmPlugins` in the same `phase`. - nullable: true - type: integer - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - sha256: - description: SHA256 checksum that will be used to verify Wasm module - or OCI container. - type: string - url: - description: URL of a Wasm module or OCI container. - type: string - verificationKey: - type: string - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. 
See - more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - - EXTENSION_CONFIG - - BOOTSTRAP - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - type: string - portNumber: - description: The service port for which this cluster - was generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - type: string - subset: - description: The subset associated with the service. - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - type: string - destinationPort: - description: The destination_port value used by - a filter chain's match condition. - type: integer - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - type: string - subFilter: - properties: - name: - description: The filter name to match on. 
- type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - type: string - transportProtocol: - description: Applies only to `SIDECAR_INBOUND` context. - type: string - type: object - name: - description: Match a specific listener by its name. - type: string - portName: - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - type: string - type: object - proxyVersion: - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - type: string - name: - description: Route configuration name to match on. - type: string - portName: - description: Applicable only for GATEWAY context. - type: string - portNumber: - type: integer - vhost: - properties: - name: - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - filterClass: - description: Determines the filter insertion order. - enum: - - UNSPECIFIED - - AUTHN - - AUTHZ - - STATS - type: string - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - - REPLACE - type: string - value: - description: The JSON config of the object being patched. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: array - priority: - description: Priority defines the order in which patch sets are applied - within a context. - format: int32 - type: integer - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. 
- items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. 
See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - 
description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. - items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. 
- type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. 
- items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. 
- items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. 
- properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadEntry - listKind: WorkloadEntryList - plural: workloadentries - shortNames: - - we - singular: workloadentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. 
- type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadgroups.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadGroup - listKind: WorkloadGroupList - plural: workloadgroups - shortNames: - - wg - singular: workloadgroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Describes a collection of workload instances. See more details - at: https://istio.io/docs/reference/config/networking/workload-group.html' - properties: - metadata: - description: Metadata that will be used for all corresponding `WorkloadEntries`. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - probe: - description: '`ReadinessProbe` describes the configuration the user - must provide for healthchecking on their workload.' 
- oneOf: - - not: - anyOf: - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - properties: - exec: - description: Health is determined by how the command that is executed - exited. - properties: - command: - description: Command to run. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. - format: int32 - type: integer - httpGet: - properties: - host: - description: Host name to connect to, defaults to the pod - IP. - type: string - httpHeaders: - description: Headers the proxy will pass on to make the request. - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - description: Port on which the endpoint lives. - type: integer - scheme: - type: string - type: object - initialDelaySeconds: - description: Number of seconds after the container has started - before readiness probes are initiated. - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. - format: int32 - type: integer - tcpSocket: - description: Health is determined by if the proxy is able to connect. - properties: - host: - type: string - port: - type: integer - type: object - timeoutSeconds: - description: Number of seconds after which the probe times out. - format: int32 - type: integer - type: object - template: - description: Template to be used for the generation of `WorkloadEntry` - resources that belong to this `WorkloadGroup`. 
- properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more - details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - oneOf: - - not: - anyOf: - - required: - - provider - - required: - - provider - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - - AUDIT - - CUSTOM - type: string - provider: - description: Specifies detailed configuration of the CUSTOM action. - properties: - name: - description: Specifies the name of the extension provider. - type: string - type: object - rules: - description: Optional. - items: - properties: - from: - description: Optional. 
- items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - type: string - type: array - namespaces: - description: Optional. - items: - type: string - type: array - notIpBlocks: - description: Optional. - items: - type: string - type: array - notNamespaces: - description: Optional. - items: - type: string - type: array - notPrincipals: - description: Optional. - items: - type: string - type: array - notRemoteIpBlocks: - description: Optional. - items: - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - type: string - type: array - principals: - description: Optional. - items: - type: string - type: array - remoteIpBlocks: - description: Optional. - items: - type: string - type: array - requestPrincipals: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - type: string - type: array - methods: - description: Optional. - items: - type: string - type: array - notHosts: - description: Optional. - items: - type: string - type: array - notMethods: - description: Optional. - items: - type: string - type: array - notPaths: - description: Optional. - items: - type: string - type: array - notPorts: - description: Optional. - items: - type: string - type: array - paths: - description: Optional. - items: - type: string - type: array - ports: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - type: string - notValues: - description: Optional. - items: - type: string - type: array - values: - description: Optional. 
- items: - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - shortNames: - - pa - singular: peerauthentication - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Defines the mTLS mode used for peer authentication. - jsonPath: .spec.mtls.mode - name: Mode - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or - not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. 
- enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication - on. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - shortNames: - - ra - singular: requestauthentication - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication - methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the - selected workloads' proxy. - items: - properties: - audiences: - items: - type: string - type: array - forwardOriginalToken: - description: If set to true, the original token will be kept - for the upstream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. 
- type: string - prefix: - description: The prefix that should be stripped before - decoding the token. - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - type: string - jwks_uri: - type: string - jwksUri: - type: string - outputPayloadToHeader: - type: string - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: telemetry - release: istio - name: telemetries.telemetry.istio.io -spec: - group: telemetry.istio.io - names: - categories: - - istio-io - - telemetry-istio-io - kind: Telemetry - listKind: TelemetryList - plural: telemetries - shortNames: - - telemetry - singular: telemetry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Telemetry configuration for workloads. See more details - at: https://istio.io/docs/reference/config/telemetry.html' - properties: - accessLogging: - description: Optional. - items: - properties: - disabled: - description: Controls logging. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - metrics: - description: Optional. - items: - properties: - overrides: - description: Optional. - items: - properties: - disabled: - description: Optional. - nullable: true - type: boolean - match: - description: Match allows provides the scope of the override. - oneOf: - - not: - anyOf: - - required: - - metric - - required: - - customMetric - - required: - - metric - - required: - - customMetric - properties: - customMetric: - description: Allows free-form specification of a metric. - type: string - metric: - description: One of the well-known Istio Standard - Metrics. - enum: - - ALL_METRICS - - REQUEST_COUNT - - REQUEST_DURATION - - REQUEST_SIZE - - RESPONSE_SIZE - - TCP_OPENED_CONNECTIONS - - TCP_CLOSED_CONNECTIONS - - TCP_SENT_BYTES - - TCP_RECEIVED_BYTES - - GRPC_REQUEST_MESSAGES - - GRPC_RESPONSE_MESSAGES - type: string - mode: - description: 'Controls which mode of metrics generation - is selected: CLIENT and/or SERVER.' - enum: - - CLIENT_AND_SERVER - - CLIENT - - SERVER - type: string - type: object - tagOverrides: - additionalProperties: - properties: - operation: - description: Operation controls whether or not to - update/add a tag, or to remove it. - enum: - - UPSERT - - REMOVE - type: string - value: - description: Value is only considered if the operation - is `UPSERT`. 
- type: string - type: object - description: Optional. - type: object - type: object - type: array - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - tracing: - description: Optional. - items: - properties: - customTags: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - literal - - required: - - environment - - required: - - header - - required: - - literal - - required: - - environment - - required: - - header - properties: - environment: - description: Environment adds the value of an environment - variable to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the environment variable from - which to extract the tag value. - type: string - type: object - header: - description: RequestHeader adds the value of an header - from the request to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the header from which to extract - the tag value. - type: string - type: object - literal: - description: Literal adds the same, hard-coded value to - each span. - properties: - value: - description: The tag value to use. - type: string - type: object - type: object - description: Optional. - type: object - disableSpanReporting: - description: Controls span reporting. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - randomSamplingPercentage: - nullable: true - type: number - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- 
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-operator.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-operator.yaml deleted file mode 100644 index 2a80f4186..000000000 --- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/crds/crd-operator.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# SYNC WITH manifests/charts/istio-operator/templates -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: istiooperators.install.istio.io - labels: - release: istio -spec: - conversion: - strategy: None - group: install.istio.io - names: - kind: IstioOperator - listKind: IstioOperatorList - plural: istiooperators - singular: istiooperator - shortNames: - - iop - - io - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Istio control plane revision - jsonPath: .spec.revision - name: Revision - type: string - - description: IOP current state - jsonPath: .status.status - name: Status - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true ---- diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/files/gen-istio-cluster.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/files/gen-istio-cluster.yaml deleted file mode 100644 index da4025a7d..000000000 
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/files/gen-istio-cluster.yaml +++ /dev/null 
@@ -1,6301 +0,0 @@ ---- -# Source: crds/crd-all.gen.yaml -# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: wasmplugins.extensions.istio.io -spec: - group: extensions.istio.io - names: - categories: - - istio-io - - extensions-istio-io - kind: WasmPlugin - listKind: WasmPluginList - plural: wasmplugins - singular: wasmplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Extend the functionality provided by the Istio proxy through - WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' - properties: - imagePullPolicy: - description: The pull behaviour to be applied when fetching an OCI - image. - enum: - - UNSPECIFIED_POLICY - - IfNotPresent - - Always - type: string - imagePullSecret: - description: Credentials to use for OCI image pulling. - type: string - phase: - description: Determines where in the filter chain this `WasmPlugin` - is to be injected. - enum: - - UNSPECIFIED_PHASE - - AUTHN - - AUTHZ - - STATS - type: string - pluginConfig: - description: The configuration that will be passed on to the plugin. 
- type: object - x-kubernetes-preserve-unknown-fields: true - pluginName: - type: string - priority: - description: Determines ordering of `WasmPlugins` in the same `phase`. - nullable: true - type: integer - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - sha256: - description: SHA256 checksum that will be used to verify Wasm module - or OCI container. - type: string - url: - description: URL of a Wasm module or OCI container. - type: string - verificationKey: - type: string - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The name of a service from the service registry - jsonPath: .spec.host - name: Host - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - type: string - type: array - host: - description: The name of a service from the service registry. - type: string - subsets: - items: - properties: - labels: - additionalProperties: - type: string - type: object - name: - description: Name of the subset. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. 
- properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. 
- type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. 
- type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection - should be upgraded to http2 for the associated - destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to - a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream - connection pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and - TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP - connections to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE - on the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between - keep-alive probes. 
- type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP - header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP - query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. 
- type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered - list of labels used to sort endpoints to - do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a - host is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish - local origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections - to the upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. 
- type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the - upstream service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. 
- format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. 
- type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, failover - or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list of labels - used to sort endpoints to do priority based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. 
- nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local origin - failures from external errors. - type: boolean - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the - socket to enable TCP Keepalives. 
- properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. 
- type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to - traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only one of distribute, - failover or failoverPriority can be set.' - items: - properties: - from: - description: Originating region. - type: string - to: - type: string - type: object - type: array - failoverPriority: - description: failoverPriority is an ordered list - of labels used to sort endpoints to do priority - based load balancing. - items: - type: string - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveLocalOriginFailures: - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - splitExternalLocalOriginErrors: - description: Determines whether to distinguish local - origin failures from external errors. - type: boolean - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the - upstream service. 
- properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - type: string - credentialName: - type: string - insecureSkipVerify: - nullable: true - type: boolean - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - type: string - subjectAltNames: - items: - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. 
See - more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - - EXTENSION_CONFIG - - BOOTSTRAP - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - type: string - portNumber: - description: The service port for which this cluster - was generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - type: string - subset: - description: The subset associated with the service. - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - type: string - destinationPort: - description: The destination_port value used by - a filter chain's match condition. - type: integer - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - type: string - subFilter: - properties: - name: - description: The filter name to match on. 
- type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - type: string - transportProtocol: - description: Applies only to `SIDECAR_INBOUND` context. - type: string - type: object - name: - description: Match a specific listener by its name. - type: string - portName: - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - type: string - type: object - proxyVersion: - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - type: string - name: - description: Route configuration name to match on. - type: string - portName: - description: Applicable only for GATEWAY context. - type: string - portNumber: - type: integer - vhost: - properties: - name: - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - filterClass: - description: Determines the filter insertion order. - enum: - - UNSPECIFIED - - AUTHN - - AUTHZ - - STATS - type: string - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - - REPLACE - type: string - value: - description: The JSON config of the object being patched. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: array - priority: - description: Priority defines the order in which patch sets are applied - within a context. - format: int32 - type: integer - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. 
- type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. 
- items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
- type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. 
See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The hosts associated with the ServiceEntry - jsonPath: .spec.hosts - name: Hosts - type: string - - description: Whether the service is external to the mesh or part of the mesh - (MESH_EXTERNAL or MESH_INTERNAL) - jsonPath: .spec.location - name: Location - type: string - - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - jsonPath: .spec.resolution - name: Resolution - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - - DNS_ROUND_ROBIN - type: string - subjectAltNames: - items: - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. 
- properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. 
- type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. 
- type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - 
description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. - items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. 
- items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. 
- properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. 
- type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. 
- items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. 
- items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. 
- format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. 
- items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
- type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. 
- properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. 
- properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. 
- type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadentries.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadEntry - listKind: WorkloadEntryList - plural: workloadentries - shortNames: - - we - singular: workloadentry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. 
- type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Address associated with the network endpoint. - jsonPath: .spec.address - name: Address - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See - more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. 
- type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadgroups.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadGroup - listKind: WorkloadGroupList - plural: workloadgroups - shortNames: - - wg - singular: workloadgroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Describes a collection of workload instances. See more details - at: https://istio.io/docs/reference/config/networking/workload-group.html' - properties: - metadata: - description: Metadata that will be used for all corresponding `WorkloadEntries`. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - probe: - description: '`ReadinessProbe` describes the configuration the user - must provide for healthchecking on their workload.' 
- oneOf: - - not: - anyOf: - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - properties: - exec: - description: Health is determined by how the command that is executed - exited. - properties: - command: - description: Command to run. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. - format: int32 - type: integer - httpGet: - properties: - host: - description: Host name to connect to, defaults to the pod - IP. - type: string - httpHeaders: - description: Headers the proxy will pass on to make the request. - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - description: Port on which the endpoint lives. - type: integer - scheme: - type: string - type: object - initialDelaySeconds: - description: Number of seconds after the container has started - before readiness probes are initiated. - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. - format: int32 - type: integer - tcpSocket: - description: Health is determined by if the proxy is able to connect. - properties: - host: - type: string - port: - type: integer - type: object - timeoutSeconds: - description: Number of seconds after which the probe times out. - format: int32 - type: integer - type: object - template: - description: Template to be used for the generation of `WorkloadEntry` - resources that belong to this `WorkloadGroup`. 
- properties: - address: - type: string - labels: - additionalProperties: - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - type: string - network: - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more - details at: https://istio.io/docs/reference/config/security/authorization-policy.html' - oneOf: - - not: - anyOf: - - required: - - provider - - required: - - provider - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - - AUDIT - - CUSTOM - type: string - provider: - description: Specifies detailed configuration of the CUSTOM action. - properties: - name: - description: Specifies the name of the extension provider. - type: string - type: object - rules: - description: Optional. - items: - properties: - from: - description: Optional. 
- items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - type: string - type: array - namespaces: - description: Optional. - items: - type: string - type: array - notIpBlocks: - description: Optional. - items: - type: string - type: array - notNamespaces: - description: Optional. - items: - type: string - type: array - notPrincipals: - description: Optional. - items: - type: string - type: array - notRemoteIpBlocks: - description: Optional. - items: - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - type: string - type: array - principals: - description: Optional. - items: - type: string - type: array - remoteIpBlocks: - description: Optional. - items: - type: string - type: array - requestPrincipals: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - type: string - type: array - methods: - description: Optional. - items: - type: string - type: array - notHosts: - description: Optional. - items: - type: string - type: array - notMethods: - description: Optional. - items: - type: string - type: array - notPaths: - description: Optional. - items: - type: string - type: array - notPorts: - description: Optional. - items: - type: string - type: array - paths: - description: Optional. - items: - type: string - type: array - ports: - description: Optional. - items: - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - type: string - notValues: - description: Optional. - items: - type: string - type: array - values: - description: Optional. 
- items: - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - shortNames: - - pa - singular: peerauthentication - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Defines the mTLS mode used for peer authentication. - jsonPath: .spec.mtls.mode - name: Mode - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or - not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. 
- enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication - on. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - shortNames: - - ra - singular: requestauthentication - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication - methods are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the - selected workloads' proxy. - items: - properties: - audiences: - items: - type: string - type: array - forwardOriginalToken: - description: If set to true, the original token will be kept - for the upstream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. 
- type: string - prefix: - description: The prefix that should be stripped before - decoding the token. - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - type: string - jwks_uri: - type: string - jwksUri: - type: string - outputPayloadToHeader: - type: string - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: telemetry - release: istio - name: telemetries.telemetry.istio.io -spec: - group: telemetry.istio.io - names: - categories: - - istio-io - - telemetry-istio-io - kind: Telemetry - listKind: TelemetryList - plural: telemetries - shortNames: - - telemetry - singular: telemetry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Telemetry configuration for workloads. See more details - at: https://istio.io/docs/reference/config/telemetry.html' - properties: - accessLogging: - description: Optional. - items: - properties: - disabled: - description: Controls logging. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - metrics: - description: Optional. - items: - properties: - overrides: - description: Optional. - items: - properties: - disabled: - description: Optional. - nullable: true - type: boolean - match: - description: Match allows provides the scope of the override. - oneOf: - - not: - anyOf: - - required: - - metric - - required: - - customMetric - - required: - - metric - - required: - - customMetric - properties: - customMetric: - description: Allows free-form specification of a metric. - type: string - metric: - description: One of the well-known Istio Standard - Metrics. - enum: - - ALL_METRICS - - REQUEST_COUNT - - REQUEST_DURATION - - REQUEST_SIZE - - RESPONSE_SIZE - - TCP_OPENED_CONNECTIONS - - TCP_CLOSED_CONNECTIONS - - TCP_SENT_BYTES - - TCP_RECEIVED_BYTES - - GRPC_REQUEST_MESSAGES - - GRPC_RESPONSE_MESSAGES - type: string - mode: - description: 'Controls which mode of metrics generation - is selected: CLIENT and/or SERVER.' - enum: - - CLIENT_AND_SERVER - - CLIENT - - SERVER - type: string - type: object - tagOverrides: - additionalProperties: - properties: - operation: - description: Operation controls whether or not to - update/add a tag, or to remove it. - enum: - - UPSERT - - REMOVE - type: string - value: - description: Value is only considered if the operation - is `UPSERT`. 
- type: string - type: object - description: Optional. - type: object - type: object - type: array - providers: - description: Optional. - items: - properties: - name: - description: Required. - type: string - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - tracing: - description: Optional. - items: - properties: - customTags: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - literal - - required: - - environment - - required: - - header - - required: - - literal - - required: - - environment - - required: - - header - properties: - environment: - description: Environment adds the value of an environment - variable to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the environment variable from - which to extract the tag value. - type: string - type: object - header: - description: RequestHeader adds the value of an header - from the request to each span. - properties: - defaultValue: - description: Optional. - type: string - name: - description: Name of the header from which to extract - the tag value. - type: string - type: object - literal: - description: Literal adds the same, hard-coded value to - each span. - properties: - value: - description: The tag value to use. - type: string - type: object - type: object - description: Optional. - type: object - disableSpanReporting: - description: Controls span reporting. - nullable: true - type: boolean - providers: - description: Optional. - items: - properties: - name: - description: Required. 
- type: string - type: object - type: array - randomSamplingPercentage: - nullable: true - type: number - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - ---- - ---- -# Source: crds/crd-operator.yaml -# SYNC WITH manifests/charts/istio-operator/templates -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: istiooperators.install.istio.io - labels: - release: istio -spec: - conversion: - strategy: None - group: install.istio.io - names: - kind: IstioOperator - listKind: IstioOperatorList - plural: istiooperators - singular: istiooperator - shortNames: - - iop - - io - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Istio control plane revision - jsonPath: .spec.revision - name: Revision - type: string - - description: IOP current state - jsonPath: .status.status - name: Status - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true ---- - ---- -# Source: base/templates/reader-serviceaccount.yaml -# This service account aggregates reader permissions for the revisions in a given cluster -# Should be used for remote secret creation. 
-apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-reader-service-account - namespace: istio-system - labels: - app: istio-reader - release: istio ---- -# Source: base/templates/serviceaccount.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! -# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istiod-service-account - namespace: istio-system - labels: - app: istiod - release: istio ---- -# Source: base/templates/clusterrole.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! -# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", 
"patch", "create", "delete" ] - resources: [ "workloadentries/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - # ingress controller - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: - - "kubernetes.io/legacy-unknown" - verbs: ["approve"] - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["*"] # TODO: should be on just */status but wildcard is not supported - verbs: ["update"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: 
["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: ["get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -# Source: base/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-istio-system - labels: - app: istio-reader - release: istio -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceexports"] - verbs: ["get", "watch", "list"] - - apiGroups: ["multicluster.x-k8s.io"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -# Source: base/templates/clusterrolebinding.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! 
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-istio-system - labels: - app: istio-reader - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-istio-system -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: istio-system ---- -# Source: base/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-istio-system -subjects: - - kind: ServiceAccount - name: istiod-service-account - namespace: istio-system ---- -# Source: base/templates/role.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! -# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod-istio-system - namespace: istio-system - labels: - app: istiod - release: istio -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] ---- -# Source: base/templates/rolebinding.yaml -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -# DO NOT EDIT! 
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT -# UPDATED CHART AT manifests/charts/istio-control/istio-discovery -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod-istio-system - namespace: istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod-istio-system -subjects: - - kind: ServiceAccount - name: istiod-service-account - namespace: istio-system ---- -# Source: base/templates/default.yaml -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: istio - istio: istiod - istio.io/rev: default -webhooks: - - name: validation.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/validate" - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - apiVersions: - - "*" - resources: - - "*" - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None - admissionReviewVersions: ["v1beta1", "v1"] diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/kustomization.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/kustomization.yaml deleted file mode 100644 index dbde62f0a..000000000 --- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - files/gen-istio-cluster.yaml 
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/NOTES.txt b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/NOTES.txt
deleted file mode 100644
index 006450167..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/NOTES.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Istio base successfully installed!
-
-To learn more about the release, try:
- $ helm status {{ .Release.Name }}
- $ helm get all {{ .Release.Name }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrole.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrole.yaml
deleted file mode 100644
index ef3300348..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrole.yaml
+++ /dev/null
@@ -1,178 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-rules:
- # sidecar injection controller
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update", "patch"]
-
- # configuration validation webhook controller
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-
- # istio configuration
- # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
- # please proceed with caution
- - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io"]
- verbs: ["get", "watch", "list"]
- resources: ["*"]
-{{- if .Values.global.istiod.enableAnalysis }}
- - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io"]
- verbs: ["update"]
- # TODO: should be on just */status but wildcard is not supported
- resources: ["*"]
-{{- end }}
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
- resources: [ "workloadentries" ]
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
- resources: [ "workloadentries/status" ]
-
- # auto-detect installed CRD definitions
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
-
- # discovery and
routing
- - apiGroups: [""]
- resources: ["pods", "nodes", "services", "namespaces", "endpoints"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
-
- # ingress controller
-{{- if .Values.global.istiod.enableAnalysis }}
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses/status"]
- verbs: ["*"]
-{{- end}}
- - apiGroups: ["networking.k8s.io"]
- resources: ["ingresses", "ingressclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["networking.k8s.io"]
- resources: ["ingresses/status"]
- verbs: ["*"]
-
- # required for CA's namespace controller
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
-
- # Istiod and bootstrap.
- - apiGroups: ["certificates.k8s.io"]
- resources:
- - "certificatesigningrequests"
- - "certificatesigningrequests/approval"
- - "certificatesigningrequests/status"
- verbs: ["update", "create", "get", "delete", "watch"]
- - apiGroups: ["certificates.k8s.io"]
- resources:
- - "signers"
- resourceNames:
- - "kubernetes.io/legacy-unknown"
- verbs: ["approve"]
-
- # Used by Istiod to verify the JWT tokens
- - apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
-
- # Used by Istiod to verify gateway SDS
- - apiGroups: ["authorization.k8s.io"]
- resources: ["subjectaccessreviews"]
- verbs: ["create"]
-
- # Use for Kubernetes Service APIs
- - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
- resources: ["*"]
- verbs: ["get", "watch", "list"]
- - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
- resources: ["*"] # TODO: should be on just */status but wildcard is not supported
- verbs: ["update"]
-
- # Needed for multicluster secret reading, possibly ingress certs in the future
- - apiGroups: [""]
- resources:
["secrets"]
- verbs: ["get", "watch", "list"]
-
- # Used for MCS serviceexport management
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceexports"]
- verbs: ["get", "watch", "list", "create", "delete"]
-
- # Used for MCS serviceimport management
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceimports"]
- verbs: ["get", "watch", "list"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-reader-{{ .Values.global.istioNamespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
-rules:
- - apiGroups:
- - "config.istio.io"
- - "security.istio.io"
- - "networking.istio.io"
- - "authentication.istio.io"
- - "rbac.istio.io"
- resources: ["*"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["networking.istio.io"]
- verbs: [ "get", "watch", "list" ]
- resources: [ "workloadentries" ]
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["apps"]
- resources: ["replicasets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["authentication.k8s.io"]
- resources: ["tokenreviews"]
- verbs: ["create"]
- - apiGroups: ["authorization.k8s.io"]
- resources: ["subjectaccessreviews"]
- verbs: ["create"]
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceexports"]
- verbs: ["get", "watch", "list"]
- - apiGroups: ["multicluster.x-k8s.io"]
- resources: ["serviceimports"]
- verbs: ["get", "watch", "list"]
-{{- if or .Values.global.externalIstiod }}
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "get", "list", "watch", "update"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["get",
"list", "watch", "update", "patch"]
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-{{- end}}
----
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrolebinding.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrolebinding.yaml
deleted file mode 100644
index d61729b29..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istio-reader-{{ .Values.global.istioNamespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istio-reader-{{ .Values.global.istioNamespace }}
-subjects:
- - kind: ServiceAccount
- name: istio-reader-service-account
- namespace: {{ .Values.global.istioNamespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: istiod-{{ .Values.global.istioNamespace }}
-subjects:
- - kind: ServiceAccount
- name: istiod-service-account
- namespace: {{ .Values.global.istioNamespace }}
----
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/crds.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/crds.yaml
deleted file mode 100644
index 871ee2a6b..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/crds.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- if .Values.base.enableCRDTemplates }}
-{{ .Files.Get "crds/crd-all.gen.yaml" }}
-{{ .Files.Get "crds/crd-operator.yaml" }}
-{{- end }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/default.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/default.yaml
deleted file mode 100644
index 9e85a3bad..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/default.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if not (eq .Values.defaultRevision "") }}
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: istiod-default-validator
- labels:
- app: istiod
- release: {{ .Release.Name }}
- istio: istiod
- istio.io/rev: {{ .Values.defaultRevision }}
-webhooks:
- - name: validation.istio.io
- clientConfig:
- {{- if .Values.base.validationURL }}
- url: {{ .Values.base.validationURL }}
- {{- else }}
- service:
- {{- if (eq .Values.defaultRevision "default") }}
- name: istiod
- {{- else }}
- name: istiod-{{ .Values.defaultRevision }}
- {{- end }}
- namespace: {{ .Values.global.istioNamespace }}
- path: "/validate"
- {{- end }}
- rules:
- - operations:
- - CREATE
- - UPDATE
- apiGroups:
- - security.istio.io
- - networking.istio.io
- apiVersions:
- - "*"
- resources:
- - "*"
- # Fail open until the validation webhook is ready. The webhook controller
- # will update this to `Fail` and patch in the `caBundle` when the webhook
- # endpoint is ready.
- failurePolicy: Ignore
- sideEffects: None
- admissionReviewVersions: ["v1beta1", "v1"]
-{{- end }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/endpoints.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/endpoints.yaml
deleted file mode 100644
index 996152bb0..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/endpoints.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
- {{- if not .Values.global.externalIstiod }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istiod-remote
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- {{- else if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }}
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: istiod
- namespace: {{ .Release.Namespace }}
-subsets:
-- addresses:
- - ip: {{ .Values.global.remotePilotAddress }}
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- {{- end }}
----
-{{- end }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/reader-serviceaccount.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/reader-serviceaccount.yaml
deleted file mode 100644
index d9ce18c27..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/reader-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# This service account aggregates reader permissions for the revisions in a given cluster
-# Should be used for remote secret creation.
-apiVersion: v1
-kind: ServiceAccount
- {{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
- {{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-metadata:
- name: istio-reader-service-account
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istio-reader
- release: {{ .Release.Name }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/role.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/role.yaml
deleted file mode 100644
index ca1a4243f..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-rules:
-# permissions to verify the webhook is ready and rejecting
-# invalid config. We use --server-dry-run so no config is persisted.
-- apiGroups: ["networking.istio.io"]
- verbs: ["create"]
- resources: ["gateways"]
-
-# For storing CA secret
-- apiGroups: [""]
- resources: ["secrets"]
- # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
- verbs: ["create", "get", "watch", "list", "update", "delete"]
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/rolebinding.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/rolebinding.yaml
deleted file mode 100644
index 2b591fb89..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: istiod-{{ .Values.global.istioNamespace }}
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: istiod-{{ .Values.global.istioNamespace }}
-subjects:
- - kind: ServiceAccount
- name: istiod-service-account
- namespace: {{ .Values.global.istioNamespace }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/serviceaccount.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/serviceaccount.yaml
deleted file mode 100644
index ec25fd250..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# DO NOT EDIT!
-# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
-# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-apiVersion: v1
-kind: ServiceAccount
- {{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
- {{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-metadata:
- name: istiod-service-account
- namespace: {{ .Values.global.istioNamespace }}
- labels:
- app: istiod
- release: {{ .Release.Name }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/services.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/services.yaml
deleted file mode 100644
index 606fd4459..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/templates/services.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.global.remotePilotAddress }}
- {{- if not .Values.global.externalIstiod }}
-# when istiod is enabled in remote cluster, we can't use istiod service name
-apiVersion: v1
-kind: Service
-metadata:
- name: istiod-remote
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- clusterIP: None
- {{- else }}
-# when istiod isn't enabled in remote cluster, we can use istiod service name
-apiVersion: v1
-kind: Service
-metadata:
- name: istiod
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: 15012
- name: tcp-istiod
- protocol: TCP
- # if the remotePilotAddress is IP addr, we use clusterIP: None.
- # else, we use externalName
- {{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }}
- clusterIP: None
- {{- else }}
- type: ExternalName
- externalName: {{ .Values.global.remotePilotAddress }}
- {{- end }}
- {{- end }}
----
-{{- end }}
diff --git a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/values.yaml b/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/values.yaml
deleted file mode 100644
index 96a74562e..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/charts/tid-base/values.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-global:
-
- # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace
- # to use for pulling any images in pods that reference this ServiceAccount.
- # Must be set for any cluster configured with private docker registry.
- imagePullSecrets: []
-
- # Used to locate istiod.
- istioNamespace: istio-system
-
- istiod:
- enableAnalysis: false
-
- configValidation: true
- externalIstiod: false
- remotePilotAddress: ""
-
-base:
- # Used for helm2 to add the CRDs to templates.
- enableCRDTemplates: false
-
- # Validation webhook configuration url
- # For example: https://$remotePilotAddress:15017/validate
- validationURL: ""
-
- # For istioctl usage to disable istio config crds in base
- enableIstioConfigCRDs: true
-
-defaultRevision: "default"
diff --git a/packages/tetrate-istio/generated-changes/overlay/questions.yaml b/packages/tetrate-istio/generated-changes/overlay/questions.yaml
deleted file mode 100644
index 110735cfe..000000000
--- a/packages/tetrate-istio/generated-changes/overlay/questions.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-questions:
-- variable: global.tag
- default: "1.12.6-tetrate-v0"
- description: "Istiod-tag"
- type: enum
- label: Operator image tag
- group: "Image version"
- required: true
- options:
- - "1.12.6-tetrate-v0"
- - "1.12.6-tetratefips-v0"
- - "1.12.6-istio-v0"
\ No newline at end of file
diff --git a/packages/tetrate-istio/generated-changes/patch/Chart.yaml.patch b/packages/tetrate-istio/generated-changes/patch/Chart.yaml.patch
deleted file mode 100644
index 6352c2ea6..000000000
--- a/packages/tetrate-istio/generated-changes/patch/Chart.yaml.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- charts-original/Chart.yaml
-+++ charts/Chart.yaml
-@@ -1,12 +1,29 @@
-+annotations:
-+ catalog.cattle.io/certified: partner
-+ catalog.cattle.io/namespace: istio-system
-+ catalog.cattle.io/release-name: istiod-tid
-+ catalog.cattle.io/display-name: Tetrate Istio Distro
-+ catalog.cattle.io/upstream-version: 1.12.6
-+kubeVersion: ">= 1.19.0-0 < 1.23.0-0"
- apiVersion: v1
- appVersion: 1.12.6
--description: Helm chart for istio control plane
--icon: https://istio.io/latest/favicons/android-192x192.png
-+home: https://istio.tetratelabs.io
-+description: Tetrate Istio Distro Istiod is simple, safe enterprise-grade Service Mesh.
-+icon: https://istio.tetratelabs.io/images/getistio-favicon.png
- keywords:
- - istio
- - istiod
- - istio-discovery
--name: istiod
--sources:
--- http://github.com/istio/istio
-+- tid
-+- tetrate
-+- distribution
-+- networking
-+- infrastructure
-+name: istiod-tid
-+maintainers:
-+- email: tetrate@tetrate.io
-+ name: tetrate
- version: 1.12.6
-+dependencies:
-+- name: tid-base
-+ repository: file://./charts/tid-base
-\ No newline at end of file
diff --git a/packages/tetrate-istio/generated-changes/patch/values.yaml.patch b/packages/tetrate-istio/generated-changes/patch/values.yaml.patch
deleted file mode 100644
index cb51750c8..000000000
--- a/packages/tetrate-istio/generated-changes/patch/values.yaml.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- charts-original/values.yaml
-+++ charts/values.yaml
-@@ -241,9 +241,9 @@
- # Default hub for Istio images.
- # Releases are published to docker hub under 'istio' project.
- # Dev builds from prow are on gcr.io
-- hub: docker.io/istio
-+ hub: containers.istio.tetratelabs.com
- # Default tag for Istio images.
-- tag: 1.12.6
-+ tag: 1.12.6-tetrate-v0
-
- # Specify image pull policy if default behavior isn't desired.
- # Default behavior: latest images will be Always else IfNotPresent.
diff --git a/packages/tetrate-istio/package.yaml b/packages/tetrate-istio/package.yaml
deleted file mode 100644
index 896a44f49..000000000
--- a/packages/tetrate-istio/package.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-url: https://istio-release.storage.googleapis.com/charts/istiod-1.12.6.tgz
-packageVersion: 00
diff --git a/packages/universal-crossplane/generated-changes/overlay/app-readme.md b/packages/universal-crossplane/generated-changes/overlay/app-readme.md
deleted file mode 100644
index c6d8ecfe0..000000000
--- a/packages/universal-crossplane/generated-changes/overlay/app-readme.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Upbound Universal Crossplane (UXP)
-
-Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes.
-
-## Connecting to Upbound Cloud
-
-You can optionally connect your Universal Crossplane instance to Upbound Cloud.
-Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console.
-
-1. Install Upbound CLI
-
- You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli).
-
- ```
- curl -sL https://cli.upbound.io | sh
- ```
-
-2. Log in to Upbound Cloud
-
- ```
- up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT
- ```
-
- Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens):
-
- ```
- up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN
- ```
-
-3. Create a Self-Hosted Control Plane
-
- ```
- up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher
- ```
-
-4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section
\ No newline at end of file
diff --git a/packages/universal-crossplane/generated-changes/overlay/questions.yaml b/packages/universal-crossplane/generated-changes/overlay/questions.yaml
deleted file mode 100644
index c5cb628bf..000000000
--- a/packages/universal-crossplane/generated-changes/overlay/questions.yaml
+++ /dev/null
@@ -1,184 +0,0 @@
-questions:
-# Upbound Cloud configuration
-- variable: upbound.controlPlane.token
- label: upbound.controlPlane.token
- required: false
- type: password
- description: Token used to connect Upbound Cloud
- group: "Upbound Cloud"
-- variable: upbound.controlPlane.permission
- label: upbound.controlPlane.permission
- required: false
- type: enum
- default: "edit"
- options:
- - "edit"
- - "view"
- description: Cluster permissions for Upbound Cloud
- group: "Upbound Cloud"
-# Basic Crossplane configuration
-- variable: replicas
- label: replicas
- description: Number of replicas to run for Crossplane pods
- type: int
- default: 1
- required: true
- group: "Crossplane"
-# Advanced Crossplane configuration
-- variable: advancedCrossplaneConfiguration
- description: View advanced configuration settings
- label: View advanced configuration
- type: boolean
- default: false
- show_subquestion_if: true
- group: "Crossplane"
- subquestions:
- - variable: leaderElection
- label: leaderElection
- description: "Enable leader election for Crossplane Managers pod"
- type: boolean
- default: true
- required: false
- group: "Crossplane"
- - variable: deploymentStrategy
- label: deploymentStrategy
- description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods"
- type: enum
- default: "RollingUpdate"
- options:
- - "RollingUpdate"
- - "Recreate"
- required: true
- group: "Crossplane"
- - variable: priorityClassName
- label: priorityClassName
- description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods"
- type: string
- required: false
- group: "Crossplane"
- - variable: metrics.enabled
- label: metrics.enabled
- description: "Expose Crossplane and RBAC Manager metrics endpoint"
- type: boolean
- required: false
- group: "Crossplane"
-# Basic Crossplane RBAC Manager configuration
-- variable: rbacManager.deploy
- label: rbacManager.deploy
- description: "Deploy RBAC Manager"
- type: boolean
- default: true
- required: true
- group: "Crossplane RBAC Manager"
-- variable: rbacManager.replicas
- label: rbacManager.replicas
- description: "The number of replicas to run for the RBAC Manager pods"
- type: int
- default: 1
- required: true
- group: "Crossplane RBAC Manager"
-# Advanced Crossplane RBAC Manager configuration
-- variable: advancedRBACManagerConfiguration
- description: View advanced configuration settings
- label: View advanced configuration
- type: boolean
- default: false
- show_subquestion_if: true
- group: "Crossplane RBAC Manager"
- subquestions:
- - variable: rbacManager.leaderElection
- label: rbacManager.leaderElection
- description: "Enable leader election for RBAC Managers pod"
- type: boolean
- default: true
- group: "Crossplane RBAC Manager"
- - variable: rbacManager.managementPolicy
- label: rbacManager.managementPolicy
- description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles.
- type: enum
- default: "Basic"
- options:
- - "Basic"
- - "All"
- required: true
- group: "Crossplane RBAC Manager"
- - variable: rbacManager.skipAggregatedClusterRoles
- label: rbacManager.skipAggregatedClusterRoles
- description: "Opt out of deploying aggregated ClusterRoles"
- type: boolean
- default: true
- group: "Crossplane RBAC Manager"
-# Basic Package configuration
-- variable: provider.packages
- label: provider.packages
- description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience.
- type: string
- required: false
- group: "Packages"
-- variable: configuration.packages
- label: configuration.packages
- description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience.
- type: string
- required: false
- group: "Packages"
-# Advanced Package configuration
-- variable: advancedPackageConfiguration
- description: View advanced configuration settings
- label: View advanced configuration
- type: boolean
- default: false
- show_subquestion_if: true
- group: "Packages"
- subquestions:
- - variable: packageCache.sizeLimit
- label: packageCache.sizeLimit
- description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod"
- type: string
- default: "5Mi"
- group: "Packages"
- - variable: packageCache.medium
- label: packageCache.medium
- description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development"
- type: string
- group: "Packages"
- - variable: packageCache.pvc
- label: packageCache.pvc
- description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted"
- type: string
- group: "Packages"
-# Basic XGQL configuration
-- variable: xgql.config.debugMode
- label: xgql.config.debugMode
- description: "Enable debug mode for XGQL"
- type: boolean
- default: false
- group: "XGQL"
-# Advanced Crossplane configuration
-- variable: advancedXGQLConfiguration
- description: View advanced configuration settings
- label: View advanced configuration
- type: boolean
- default: false
- show_subquestion_if: true
- group: "XGQL"
- subquestions:
- - variable: xgql.metrics.enabled
- label: xgql.metrics.enabled
- description: "Expose XGQL metrics endpoint"
- type: boolean
- required: false
- group: "XGQL"
-# Basic Agent configuration
-- variable: agent.config.debugMode
- label: agent.config.debugMode
- description: "Enable debug mode for Upbound Agent"
- type: boolean
- default: false
- group: "Upbound Agent"
-# Basic Bootstrapper configuration
-- variable: bootstrapper.config.debugMode
- label: bootstrapper.config.debugMode
- description: "Enable debug mode for Bootstrapper"
- type: boolean
- default: false
- group: "Bootstrapper"
\ No newline at end of file
diff --git a/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch b/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch
deleted file mode 100644
index fff07f882..000000000
--- a/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- charts-original/Chart.yaml
-+++ charts/Chart.yaml
-@@ -1,8 +1,13 @@
- apiVersion: v1
--appVersion: 1.5.2-up.1
--description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade distribution of Crossplane. It''s fully compatible with upstream Crossplane, open source, capable of connecting to Upbound Cloud for real-time dashboard visibility, and maintained by Upbound. It''s the easiest way for both individual community members and enterprises to build their production control planes. '
-+appVersion: 1.5.2001
-+description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade distribution of Crossplane.'
- home: https://upbound.io
- icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png
-+kubeVersion: ">= 1.15"
-+annotations:
-+ catalog.cattle.io/certified: partner
-+ catalog.cattle.io/release-name: universal-crossplane
-+ catalog.cattle.io/display-name: Upbound Universal Crossplane
- keywords:
- - cloud
- - infrastructure
-@@ -31,4 +36,4 @@
- - email: info@upbound.io
- name: Upbound Inc.
- name: universal-crossplane
--version: 1.5.2-up.1
-+version: 1.5.2001
diff --git a/packages/universal-crossplane/package.yaml b/packages/universal-crossplane/package.yaml
deleted file mode 100644
index ee6ce5d45..000000000
--- a/packages/universal-crossplane/package.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-url: https://charts.upbound.io/stable/universal-crossplane-1.5.2-up.1.tgz
-packageVersion: 01