From c41d510fc0471fcccff53ba1447deb878f1a1fdc Mon Sep 17 00:00:00 2001 
From: Steven Hardy
Date: Tue, 1 Oct 2024 14:38:14 +0100
Subject: [PATCH] make charts/html
---
...rancher-turtles-airgap-resources-0.3.2.tgz | Bin 0 -> 128302 bytes
.../rancher-turtles-0.3.2+up0.11.0.tgz | Bin 0 -> 210732 bytes
.../0.3.2/Chart.yaml | 8 +
.../0.3.2/README.md | 26 +
.../0.3.2/templates/airgap-cm-core.yaml | 54 +
.../0.3.2/templates/airgap-cm-metal3.yaml | 4390 +++
.../templates/airgap-cm-rke2-bootstrap.yaml | 2751 ++
.../airgap-cm-rke2-control-plane.yaml | 4508 +++
.../rancher-turtles/0.3.2+up0.11.0/Chart.lock | 6 +
.../rancher-turtles/0.3.2+up0.11.0/Chart.yaml | 30 +
.../rancher-turtles/0.3.2+up0.11.0/README.md | 5 +
.../0.3.2+up0.11.0/RELEASE_NOTES.md | 6 +
.../0.3.2+up0.11.0/app-readme.md | 5 +
.../charts/cluster-api-operator/.helmignore | 23 +
.../charts/cluster-api-operator/Chart.yaml | 6 +
.../templates/_helpers.tpl | 24 +
.../cluster-api-operator/templates/addon.yaml | 56 +
.../templates/bootstrap.yaml | 55 +
.../templates/control-plane.yaml | 55 +
.../templates/core-conditions.yaml | 31 +
.../cluster-api-operator/templates/core.yaml | 63 +
.../templates/deployment.yaml | 146 +
.../templates/infra-conditions.yaml | 64 +
.../cluster-api-operator/templates/infra.yaml | 84 +
.../templates/operator-components.yaml | 27887 ++++++++++++++++
.../charts/cluster-api-operator/values.yaml | 69 +
.../0.3.2+up0.11.0/questions.yml | 78 +
.../templates/addon-provider-fleet.yaml | 44 +
.../0.3.2+up0.11.0/templates/azure-rbac.yaml | 19 +
.../templates/clusterctl-config.yaml | 34 +
.../templates/core-provider.yaml | 82 +
.../0.3.2+up0.11.0/templates/deployment.yaml | 80 +
.../templates/metal3-infrastructure.yaml | 55 +
.../templates/post-delete-job.yaml | 166 +
.../templates/post-upgrade-job.yaml | 78 +
.../templates/pre-delete-job.yaml | 67 +
.../templates/pre-install-job.yaml | 99 +
.../templates/rancher-turtles-components.yaml | 3338 ++
...er-turtles-exp-etcdrestore-components.yaml | 123 +
.../templates/rke2-bootstrap.yaml | 49 +
.../templates/rke2-controlplane.yaml | 49 +
.../0.3.2+up0.11.0/values.yaml | 90 +
index.html | 8 +-
index.yaml | 46 +
44 files changed, 44853 insertions(+), 4 deletions(-)
create mode 100644 assets/rancher-turtles-airgap-resources/rancher-turtles-airgap-resources-0.3.2.tgz
create mode 100644 assets/rancher-turtles/rancher-turtles-0.3.2+up0.11.0.tgz
create mode 100644 charts/rancher-turtles-airgap-resources/0.3.2/Chart.yaml
create mode 100644 charts/rancher-turtles-airgap-resources/0.3.2/README.md
create mode 100644 charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-core.yaml
create mode 100644 charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-metal3.yaml
create mode 100644 charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-bootstrap.yaml
create mode 100644 charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-control-plane.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/Chart.lock
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/Chart.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/README.md
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/RELEASE_NOTES.md
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/app-readme.md
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/.helmignore
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/Chart.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/_helpers.tpl
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/addon.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/bootstrap.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/control-plane.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core-conditions.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/deployment.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra-conditions.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/operator-components.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/values.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/questions.yml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/addon-provider-fleet.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/azure-rbac.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/clusterctl-config.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/core-provider.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/deployment.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/metal3-infrastructure.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/post-delete-job.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/post-upgrade-job.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-delete-job.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-install-job.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-components.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-exp-etcdrestore-components.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-bootstrap.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-controlplane.yaml
create mode 100644 charts/rancher-turtles/0.3.2+up0.11.0/values.yaml
diff --git a/assets/rancher-turtles-airgap-resources/rancher-turtles-airgap-resources-0.3.2.tgz b/assets/rancher-turtles-airgap-resources/rancher-turtles-airgap-resources-0.3.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4222f12e3caa13a9e8962c8a5ebdf8e580c47945 GIT binary patch literal 128302 zcmV(nK=QvIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMQQ4#milrq}CwirN!(>D}GYdvoZ?9liISPcKy8?h&RTXfPv4 zf&j%PGBV>JGLZjw00Ob4Q{I%@U&px}L%IKzwp*Ppe{JPHpIct;AlIbZ@sBqhhkyHD zH3)(r0>l2@LlE>|J%nMHa=bo2Sy0!EEM>CJ*KmTlwW7+=+f^~Z|XZDYL9>M>R9{3;91OI6A zzf1gQ=9b?7_*eG1ms>thM>!q;hd&(Cb^?dFo_8=$m-Zj~RsS)ie^>n9slqjeLEHZ{L@Uwa$nNC{9`PSv`CNipMU)M=a6RQu>ZaK z^Ur)Z_oLkY@%+_O`#;(lT(Wyh*{Wxz!aBrl(ELEK?>_9JT!$S14zx!o5r?{304alT4|wyW z&NtfbwdEFx$i`F4y?!VLx0M04ezv^|z~i89b0!`GnFMm8ifLGEVU9={`*LFC70k3a z(?*Rxbq4Yy`6@;V?wdRZ42r3dn`{Qb>D=U|6|;^?@r;I*EtO2>$=BN#wyTfSpUy3q zO(lU3Y*4i9%M|J*qMv@B3|dfo-BbPCHE5ot*o(bDfrDz)eeXD(d6LlF(C38V_Vqvz z{AfDQUl7#U)X8PyM+1X|@M{(u%A*$jS0wVZ;*{Ld+l1yHo2Yvq0auuU6mnr=$0-J0 zsh2=SMpt2?m6MbP%mN?ZdbS=6d?!m3@UqnYN@nGYKFLuXtxc3_uTJ zQ;NA>6key1cs<49uWtpD%tCR=)47cT4Lo3{%i)uf1DIvhN*-bT)(?~b*g?Q1Kv$}p zH@_oR{YINg9VZ~FDfV2xm!TWZDcuQA!P@r{6Q0Ef7_%F}L$*=n=|fUz1JOBtHpx=w zUK`Sf7=E7Fv0 zqZFxs&<>X+Qci|xxg21`UaWUorq<}_Vx@G@6sj=upK>~w1$ zUABA;Dm7(iv#!n-D_s+dNu^QQj~#P~r4{&TSBqd0M0%yVkZ6eBQB(tJV`T_P8ySnfOr6GCA>bPf+WWuI2bK4ThltbkF6hXc05r zk!8dS^6b%}nn@@3Z%u{eM%vRumAawkP=&91PzOJnK00M1o5g57lRrx~DA+=M#TJ(; zZz&pnf`T;S3|PrWp|J~@pvMZ@L_Lv$^Nb3P{JH#EJ+;uk|z*!M2tvuJaRF71()F9a7_*rg%dx$D4#Ef7uHi;3v#px zY!y+My8s)vFI(qTTdxE0t{6N%^ccotf79KQYxiyvfI^j$prCEJw;fBj=$2nQT}?jt zUz^q1(YC|Ie#7kYVfg+5114J6Vx9G4`Y^-T)9<@bKy2QowM9Ig3N1eB_z_eOEy z`8ZDDs+9qM1Gg4Hm(6#<0STdJM_@3;<>AG%Zh2G4!edT9bOQ;y%g)9bAsDxlk>QTgX@RuoT_1bmElJu=lO2XDn}wTbZ@K#bs38I_p7RIvMKlrVfR;jVOgGasLK!r zMT~)k2=VYyFp~ zOLMg;d+wBlWuyg##RH0PKjEzC80FT;7jnL_$WC%a=pe}~?52W=k)$(J9kLi>twm$v z(t4zk+!0|!k>%KFn)$ZMrTfV;+$9U!R^3SiA3!BvcJgG=3^h-p=iOQ=A~R3m*Q>R7 
z@@V8fj8GCjAVWkIMIZv&nD=p;?0mhrO9;>Bon36sI{-Go?bT=OelA%HNKC1~6=ufhox7l48xyTqU;JZY|0$R>GKcEDI z9sBb65ox4it%AL46}i}I;Ik=_IUvUVG2&1!@b$$QP|VI+f#E^ws_e{wpEQfiA`3#N zXuR)|c0idde*wJa4RMQm&LIh!O6V@|w3m`1+(Fo>Mn{5;YC1-~?QJT$5IngX8Hnn% zx;)8NVv15DW#gzlpyh|`@^x=|&VF)JC^yO+M4x|5)|`%uVR3hK%i$p0lM>Y^=z!WH zJI@%{@TkPwu$#VP<*rX}&Xx+_5qlrZf~)a%Eam;#UVT+$i5}eNgP#;I1>ldK zJ3hh=hI_RE<28iZ;~acLTKi^FPz+~tIwv6s%_h#HatipE3|$zGA)uRxaRLh6pId09 zbC=lP(yOm1d`hQx{I}sNqVgjZDGD4j{5$d!ZP9rDda4n!2wGOWoqxw?+knoVp(R<` z25ufpzJ2Kk{z?{j5%e*YK%5EC{wge}K*sa$tPSQ6Zc*qJ>%I-hV{S+ActQKsh?1JA z*_e#dOD;)ke3G!L3w6iv1dR+y7_s_k`7K6x>N0W0(;py(BEM zQoW57b~bBNAT^zpZX%Aa^Qfg8vO{Z#n_bl5=G10H_L5?*ZK2|?pSPxLt9Zm!%RiLA z(Hbh43QDEgCX1m)WW-WKKR!oc_1b(Gv#s?@K}hd-3i*pg>M8WLznyQjiCU%5IFDKPoSUPawgm#~bF zoLyC8wRjJpat1J;H7y#CA5Z3lo*-C}v-a+h!tMO4&DQw%5~5*YtqVvp_zaL7ItG9) zpzjda66OV6U4|(?7Nk-@lz>X_jb#AR4PaT{!KD#1F+u)!PO;CoPobr@ z%|Re{f%sris`2H;=*2BUfd$*f4xs(8AiN2tE~R2pIl+3(11G3g5f`n9!?ui@=(80M z71>JaG`$bo+jUb$kKkM&V=9)z_F^;sO%{G9Y?aT!S@Mk!bprm9qeJnTc#&LhX?eB| zx^rdr-!z>GI6lsT&#R{tkLrcv8T7f+77L>XIc%QXR)@VD@-wZ0KL^eWxHpYwhKP%2 zzY_ehzr*Q$x+W~niTCP8+E-UcsbodC$V8(@H1?bmT{XzA1GL|i5d_ZL>C`g;sd2Bs9gdJ4;An4fxc@cTyPrzC69@8g=I<&Jt!4Ke=`PsP^0FlcP7At+l1|F)e!k;`8Iq${Tx)Ai zfGetwmvDY=VYV*xVk7e_k;`~~T+s^~OLQd>)q(c%ud{1Mzo+yfR<@@H#B(>lM+%n# z!S#M5YA`nKCF@IuheW|^_=&(5gEJ*IrJ0ZX@r8;IFm^r#$m=^T*oydCA@AgDM)UxX z`5R@-zusCWeruQ_NF(Q3AQ|8=s6x%_tyK22c_qZ}qizJ9I+Jp17E=jB?*UTjZ%(Ej zM>?wlNE)VT5GbRC&Rv;sdJZ#VmD)T@9!_k8q&_$}l~>7@ig&Rq`Kl#u}u zoW*rSOZZ6nb@@#yjrqUFI076$)k1+;E9sKsq5T}A=g{ubd&aHOD+n&-rZoB1hm0Q5 zki7G6m|~tM@HXgl+9Hvq_FH`GQ{j?DMZYedNQr*YD{Zxg+eKD8_nG@VWhJ-wlU!Xw z;l(U~$X=Kd;eO9MGI}=HYfN80u=JEu-mgaD$DAF7F;XC3LKly4U|fVnnlAkpD1pI? 
z?%oodC3Ns3yn_P_8u?Tc@KZuLCugNiXwZ3oHYiOI$wx0u0~D3MX+6PobzKU0A59FY zBH&#YS%pW#7Nc#&@6Sk3;pJmB!R?RaRiC6a&#eeYX7<=agLVf-52PAUa4p#8-3Oud zT3Z*4lPxVN@iby$iqHV>rGBX+CS3GYXS<(7CV$|~l6!xL)L=f`4tpri_dPa5&aY5| zIR-FkTiz@S@`W7(nXksSm50HKZ$6P`s*-(j(p{jsm@*AL8h zb8w+QmLb{R6eyx_QK*qsvsg5138{UIvUT{Q0-w>+it4yupEZGw%Rq*aEZ57vw$dSL zj~}C;?^aYSa8uESQ=d<5d!KcSZ#~*g_eRPY%7+WJncniiiJOQ+_)lICriCG5&dCr7 zJKdcu+~BBN)Xu(D$M3O6Dv#bE$*J(JgjznofDNKMkdTJ_IYGlG%vAlz!sv{VdLPFx z`rP7f?u7NUHk=yEh<&mrm%*jpty_u5v-Ip!+1k_ zD5LpGks_t~GILR=9PlSNyOYQf6N<+a<6S|`)b&{x2Lvg+(q^ks0<-xCwq&&erD%e z?-ruw;C{Lg;-bKVWqX13M2Bw{aOn=^__ZTLLUp%KFl1D9^rbXWsGc({rI<>gv&EUB zrFj3XfJ86aJ1y$Z$F2<}S!~CxVzM5eX>-ylCiV64A=fpp$012EY}Ffrdtd(k?E3aa z;>@cnOkVmxV)}XyIxR_4@V$hVL1an)Q+V{ew?ytvx0EYcw=}R%{XLv+k85eQN^Qc)5Ebo{H1kQqxz4}Cp z2xg;hmk(+^&7IAF@iJvRAY0-Z<(Rc+6}Bw2s>Nh0ezn2f*OHX2dojA5Mr;a0bDJl> z-yoU{TEIxGe;fboogF{Usma!4;^YDk8w!wZgVG6&lj*zINuXP^1t_)N^KMHYtK-Eg z-GMoYN|1Wp^(qK87PRwC*BkY8QU2^zP6+m4@3?`Km~4er)8ewYsrma}pMqtqAL*Nb16aTHGf zQaY5C_DV*%q)$_8JYZq64n|Z;yBRJ}4D`YX(+4?Y%h&+P@vJCbEASY^)#*2xSDKh8??T?6Qg1Qi*W~jO!<7EeIXj zYzr+=*jZ2HV0RGZWd8=-7iQPTUVC)>$MpKvO7p@^bQooZ0&EL;5QyJN#AC-n#&m$T zAS7lBH))!2Pe0MBJ0#csuJ(jMdi;BQ?VYPk)xLe#p5Ku2)Ndb`>;M{J zC$wCd8>CtT@UluLPrhqsTZm%4UP}SR8}N#zsS-QLPHMZ@7_F>f*5p$o7km<0vLi`P zHgW{2E`gjN+@O>8Cub$iJo3Wf@-0e-YehZiJ&=0>do%mi_7$RaxVJYC(4|=M)jC(6 zvT6k=ynDD^3pEVgMLwou@>R<|+038XEyJ5|{S0X3zEHY)S9HAJk#I$DgEW@y*0sBP z8#(65+c zUXg_?TRQCePNe%+XMXQyp&qXkgG$3y`i?AMX&|+VVc}KT=~_?k07Why@{gY5JWN=Mo{|oHJ|3A5hu*k%CjDPq-zPpYJ#Q17E*n8vCX-qi#Yqo zRN)nI4rw&b3rkxtj8|R&$_V4g`R*8U=5)26Wx>bST##AnuMml3MDS{3a?~7b4cSqA zB|d&Xz263=m|BxV3M|=>D!CBm-}FzE4VAY@Oes%~+vI*_m}VXoj(q496Rq}NC=A4#&3<7>mwK5I zckON-!uCoPKW|PabB}aYCFB;w22v7C*F*rw%jn34-+(@RejQz6rLTE`vZcwRs3LPS zC9`+-!jS};$;~q;Vp4f>tQkixe{c=~sPyj%Ek)a75qCvN0Dps=43P6tO7eD#y2yHq zY@1lKl4ni~0w7RZlQ`9f^~e(ew|Q-q)_xZ!W;#hhKYL{Ige3A2IxU~P<{^d7z}(y8 zAn0aQk8eOVDW7&JCza#YEQz5K>n7{S1bd!Tmm5wn4#|0EnC{vo1LrtP zZts1lXFd`j)!2?u;i<+}0>!nwfk*t{VvxUmlQz}o0g=(e=!$3#03(s8}aOgHGdN!{J3 
z=PxEpX(A*H)!Ncax69q#Kn-#6jlBt{9Z6pl9PSJl!e3;O&XI|jyp1z}NG99RWLiyJ ztkg->l$2$~q_e$QrBb~+f_R2n^C`|nDA`9Ix@F>dQgLv$;13Tyk!9bMm2FYjnYG|6 z+_X{_*D1Oz97PUc6w3LTjI;`zSHZ@pHuPOY(I6kehyZ;hH>#xY0)svI5;z(87`KW; zk8TgA?k`UgH>W4pd>=%UVWpVHIP@M?wWYveLx8XwQGlpwDx}f`F7>XRnKxGlxA0%a>}+K z&hyeeqlcrzZZQ2Agj4>eq>7wsw6>t>O4{mw8#?dG-8_S(JN%S|xQexU)Ku{tUA3A0 z787IkWVQfklkcmWClIoLt> zMcBx~#XWoG@RgExOq{hCXEH-!cF_$~@<-%dUTV+K$LNb%rwvJy(#z2eTBpg6TPMTK zFb59Qe}kr=KM$3sts|ZsG&m*HEo<}>>;^hjuh06`GU+vo;C6UIXMezq1v-D z=qNrMd@H|UyfDU^_N%tvczc`F5(Kf`Z_zvWF-6+`P>ZZPqL`ocG%f}%E=H=;3+y>6 zQQ$TMuH<=^@-sPcMzFuk%!#OHDIAF(5#k0;e--JdEIAJ72;9*na=*o*r4u@2!X%Zn z)}>t{g%cs(OHo)QMnMWa7lV_wyn!4?Kv6WbTq&fPnT~qW(Tw8C>d!Vw(F@7jtTmbD zs_Ukg!@9YIP*?{~-(Pk$j@W#`AXmm&TkGl82|J6S8FjOK$W z!Yt?WX=S~u$?{!ent0VyOztj z1}#{6`c1{?Ty+wD8Ba6bUwTU-+Pd_ zhVJ*4p?WFDCyCk4AbD@f^u+yn*a;f4#7?YKzf#xWYpo$zhVwK;@KsXV0c8V1D%n+< zw48UPo|>iDPhdqoBO-LU9;G3C{z&bJbi^pz@1|oPm&@Rt%xGzF2cAm67DY=;;^0g&-qj zyH@*Gy<0gkoz0EJudUf}y&f(F1cADYz61roe_=E6FkoGAh2DwxCMeC}RA**-6LuxP zC8p4!dDAW8uFJ{=7dgE~;>nZzN626{1r?EB;XSYL&G~5@d5@L+7}@tL;r<sX@P3Bx}`h1aExW%Oe0IsU=iF zCU38;Lc`g^KO1{BQ*MLJ{(g3!_Q^e!qXKK!AVau;VgVh~5b8qrYuXYA(ByKRQ=-L; zH_h$~rMevEeX=J&AZ?rz@P1+2l`ev3 zIu+fjdg<@R^rlC*N<##GT0pv`xUHyk-59;wTPYDjAM>IR5t(}|S;lNh^le{!`o<*< zx4XuTznuCTxKG5^h&`*M4e-Ss1N`MQ@j!p>8N~>Iu)KW(KL0+c%>A00`B}o|3ZX6i zT7YrvIu|G?Bq*YNoK?auliq&$;)Lw(BwUnRK5l3*$ z4fAh9vqfQbD>yYp+N=cXNY;p1>ciaxYp>^IM>&o>!^&M3qS0lYAJ>w^B;PD7+k~(w zO}sjcwY?M4BqgWn(LPAga~h!BYqK8S>BW(LQT?G2X-HVyph))#rMY)lp2R0j!{>pP z^3o?i=o9WN@RuEXbmU$R%yPE7M1e;K_&e0g-_ZOH?w1dRjA)F2zW3xoY9eYH!{BcI z8>QOG`{e=~?A$K_5G+?Ii55@^=~oVr&TQ`yf37iH-ZgJfnsrq^K`FT%_k<;+W=T_= zgCfX#`%b)7(?S|3O>so@ARpUGGoUMMK=X5OZq3f+PZk+Iwr?bWZr?CQfPGR&wPv-dLS6zFlt+zBeigE&daWS;F_i`@_pd>*@_ljvgSB31}W%L z->}Q}c~;5#kXVWeIfyyv=MLM{FKpG56!Xr7DP9mGi-Y$8g*zOk;%Wjr zh!a#4TVOXJWi1OjJ;GuszQPar&`A9QZ&W@d_9zX=T4A55W-!NSA#un&G&AbkA&HV1S4RLqFtkg!92d9iL z@Jk(OV2%1A)d$KJo!g2Ww-_fQUQzKGL~CBAzIn@Aj(uNK2ve!nAgQ%agVidNRNqTG>Cz>p2uYW*c_Pi;TW 
zjeAMN!p)aF_6VkDnJ4@1`pqmR7-Q9-G7Spr2paMmWl5^)oikz*9Oers(Tbdh1)W#EeVP_sbk01=coxxMuZ;XQ=QI~=p2MS{2_Aj6#1~T_d8zw3fpVc^Hw3DnrDi7<9l6d7_3X zg)oKreT?9uz#dOds9?BWzmg7Ggk4{IxsqEWFN{zdkgK;oGf$K=u z57$slfs`~MEsk73ng~qjU{{-o`*Wl<@IF`Q6AvS!&axZdHV2Ma5rWy%E+Hgm7xILv zysN9W_U>iCE@BD3p*Ub;_mPm@GF_;`UxF3`*Vcc?Q(&R>Ue;PI>nn!66MenWG;9^~ zhxDR0_lU-jBFzkMg0`hz{VE6#C0P;6&`RBGlYE9yf|UDByB+jaD5|$H#a)fjdqs%v z)UqJa^P%^qt@C%-CF?sgm^u+Zj+a&y7_;y;zM(|?Lo^gz9RF(p#I+;*rO(MqjBYL+H4`GZr*Qz;o@|Q-qR2ErFF^fMQ1>j7)EeyA!jTJ?9Y!Mei?5+b{5F&WcrpWvG0@vpLW2-j7Kc zUF^)+!zR-CI5#P`qa#~5kWfSRxIFq4JIK$0OO1qwh(N+5S`_~T3N=r=(mnLEDmY!k z8V3*iK;K52`t7vY;9CAbU~00=3YZ@MTTOZ*kLJVW75&T|qigK07O%TBL9~mR)P|PC zGYOg(YISFXpDZ?XP|8k^Zvqo@YbO5uzE&4w?b1iiQM)Y_=#)Ugg&yv2HJEVZiIr-8 z!xw|;EtE^-c$S%9XIiL{kjy8+8U+yyXTFcdDKM?NrEd7$x~JqLqa{KcOm13imX-$; zuP8JRVjeGpsq9cpOLj^lOGXRw^J{Dv8s~%W&<)jeAp4uopCk7~ZyOrz?0bibmtY$@ z?HEu;a?UHC0x+Ms!!AaQybaL^$npZ2Lo>Cltx6etoRzuuCU}`hm9azD9V&&Py|bdW zrS>6Y8B08gL*E@L$)jzsEh<4?tst+4Rj`1yCM6a!#wk|x@yaUyYYrB(8nBUD8xp)& zt+vR#N!&bioUXWQ1T4IZiC2z%vOF$p?SRP7xiC2w1^MbJrBAYlBi zH=q5FnOM{^(n|!ZpyCPGGb94Ft1<3*dL1e9x{--kGKJ z=zcO7T&ELbW!Gw<**Pw7SRjN&Mq-HjKJ?>nLzbK%b)4zR!2oH=Y#8+21|>sFUzbmB z(3Z?sqUdb#UQ%j$UgFh<$AD{<#Q{1)Wew%k6#KW&+C%BOxWR3RWdd7dHmhMtZ_M%;9dcO`RNI~4yS-1w|4 zfXP~k2#&*>Pj}S^dg}QRk?GQFb2)umrD?}&1!&<0iJ=jj50L3lLfy%clWSl*Nwunae zVbUd+&RAT@10ehLaX)w@SwJ(ol5z%Ti}aNXdlhn(B6k@}vU?OzGRY{2ks2E!KyMFE z33YG-{GNer)!A>`ha(o6ZIicW^QSfhK=56nVFgW^rzj`eHUHU{p;y)q|#`rXeY~wa`k9!jio|W35wGC zDM5%y2#(-;)ALyzT$P@kp{V}y8=(II<8dKKPs01&vIe&J?A0pe7L9hHT5W`IXAjMe zmKx(wjMXrb^A;3+xAuGndErtbx&V)#PI(KUO+gg_T5qm#>t({5l#vS+PMrc3CajpO zQU^~^ZtV#|d21(?mG;}z==S0qTAXDq;iHS6n(B;e4;0G6g(M zt`xJ-iHR_a$r8n8bIN0zPhH{8i>7?Kly!eY8Ww2D=DNJ2S%ab}AiVY&_gBib8Tyu{ z?#;i)q#gXKy+xb0C3&FLLvE;tXAWg*3@iKB^|aL0TF(zpBP57D;R4RsU;*2+2Jq;_l$9~$$R4NTQ~I^ZOn!uD!GC7SNTc9p1)A*Yl* zXPDoPQm;U7ySy;n6Ox3rvMcm`>$Q85^EB2N;CSk|7pVT5&251)0UX^i`YF_O$it&) zxp>em2u@;0&!}5bs$smDR@Ko##K=~0h~>&DyV2$H3+f(AK3qc7HeU`)B~E{o!Un>6 
z{rLHa_e6=oF&N(JO)hK}4~Nf_O=N?JR{R7jVyL6Y`Ql)z+VDMw-oHg$jEM!l(OzSO zYh3>Md&X;y_jMD@9p;W7&Qjp^$+d!5c1!8LpHlI*VqsvN3{hKm-=Tu+BXSJirEo)v z?{7z8Hj2zu%Djj8 z`#CG#c8VDv0d}K|z(@Qc8sU@KZVG}8{o-zVQ|AS89uF3tlutxR;*ob24jzMjOSzD- zQ^KK*h(`5V#zt3aHJY#yTe1%;l@}I4pi#ZN3ns&6{{mE!bO5TZ@^wB=vA81*oj|mQ z81xuIo{q}Fko>gA{-9jpPvJ50(d+ftDrRF~Kumr(38yq?n9aotV?=LDlebYbAGVnZ z`A{VZhg*uxyiTXSAZO}wE)9xHOy>N}Js#NbWHI8zT+1%AVllXDA$_h+Fe;4jh-06u zAO#eON0^i7%o-@-5t=z2S65iBILUe24X1aI9_DK9q}eED3eRu##h)NiWlGIVpC5N^ zKTspZ*Ak;gn!yy);aQgtSm^7Joy1~ktPCn+OMd41m=3!`1E@@Pd zAa4JRd4*447EipxVW@`E)Q`4et4EXe7H*H`F|sGPD*R9z^Y^CxUgJM!KIHrm)>o=GYY(p*ciEx0#LkUSVp+)FTfz`L8qBiRR3leuAH3@9y?0_%Bi(~L7}KcMhQ={1nBrXGj^N*=TvndM~=ugUPAOVM(mt;LU! z9hlYpGUg(i!OJ*ZFxOEt` zf|OLk+_+O(>~vZDkxLWF_4UCBk)H4QAy(i%3@=`0*-#S00g)b`f*aoRQm#%z;j`j} zlBN>ZeINKE(1*{IIaMLW%R%_>F!0WAD%v6M)DXXj$*)5Jb+PYss*p!-)Q1;x9H|{L zcHnsKvZYs)+Xr7lN*PTchYtZXGJRpVSpm?}I`_N|*HN583OX;M7Uwi8V^t_AykN0L zJ6Js`Fb#qI=brBiG%re^7PKVT_n_fw*a4fl=Q>4p?C@5RR205YqBzg-2rGkG6IHRa zQJWT>EKAKk6KaA=W=Os&tiUQ>r(4rp!fr@cEDW#wS0q-C@PfA@sqs!%Ps7 zo7$*!Q0Ct;i`35E2HVW~#_GjWHSl7XvI-I=JE_ffn^T*s=P@ao0u^Zm!{HB`TR>xj zsWp^fA;1OW+t9=C&=R+*qmxS5Bcd%cqtmnKnR}X42mwX02|ndBD|O~Lj3G2B-|QrP zO(fkU2{lW_O3E=S1oxi~>MLkw==Ma^1Pni-uxK$^ZP?ga@IiP!k`stGbxKM+nCU`a^X1VNNl{4t;;DT>BK&{ zzf3rcWW5H!Ro~V@Pj3hFrg#e?zW3$`G__!V z!SgF=OvHzETAxr8xY}*GAv*`htD?r;N{TYOVmb|47!9)9oX`(= z&en+CZjDau$fT_dJa{Y@3L&-+oN);kw}J|41gZoT?%=e=B_wha5!VHcw`<5y9Htsd z;(Yg}fkf%T0l6n+#5CGZtX~FRE!h;MSvja;E?hV#kGF$;O-tA9gYE&5DmZieKFMEz z@_KVICB|t5yK}&xI&Dmujl$9Bjk9jJYWq=Lal`9Ro<~;@tnk@jW?G+Aqip?b>Tjfo zqPOL=t8}R)Dc2FeN&QROA$7h&omg8UNUUd9r7ZmZqu0WH7?S9^}jKAiQe9v#?K z<0#jW48C>*8_m`(R5&C@v!&;=59Tax73z{gG@Ss z)u^Ng5@XL~eUCFPEjpcSw(=0JTn92x8~}d2AF_>S3b0D$M+yDtIu&6Q8@LsDC-y!w ziKg-eIUzw4G`_J2^E&tN{n)h1@y=JC&Nxq?B8wb4WX=Tza|3+HoOSQ_kVG*zZd}KG z@$XtI9&Qd$Ivr(?h_fg~q2trt-q;rY04tsA=ylLR<&%5{3I-f2u|gqk*?5r7XmmKR zroamaidF}Pw0GWl@SR%=fHBJ9iN{SadT?1QyVI?{cRBKZbiGVzf=kh6Zu~n_Z%&|z 
z3y#4IHpP@~MVazasUD#KuofLu-+b!De9jm_?lpRX6@#F|(1W~%}N<809ab4s!0hehbYL1WFv|C&r0qTnJsG(3@@W!?9T|I1CD-T!Z?s9|; zXTf#9H%HgVc7zMK5sZ@II}102z6H}s0cDABA5=z(Uj#qlARTi-zSoxS!)D|We5ldH zqeb{0D#|mB(F{9Lx)OWzr{Gh?74{-3O8p3xm^wM>W$cAM=xzPlvAb~BR~alz)J_7j zu>w2O$@1eN_4%L6?%ja|JX}vf;Q{rGw4^Bz(pq#B67iKp?#0G%l9u{=Ot^6K+4QE36a#$4>7${g7f0yhzYGq35TFzl}w*(Jw}#Xfyy_X#JW! z_yHoG;@)PD%5##erD`*}v;p^d}^VA!d34InF7k!n-L%8GE@dsC=KWBVzw3q9H{Wn$ZG z6Danm6s}FD(tb5GU{m`M5&N{Y=@fIO){hznrEUPP-x4L>+wJ+V{d;{p0%2^^|73C@ zqOjbGv-uXRicM*i?4lsp59o&^eae7x*O-PQk4=Jmw;z>+`Lb)ODSOYkJcxluX4TvpRHXZ^dO3IV-a%Aj=dG)VY z3wgf8eb_@f0FW(rBj$yD#6AS^UEo3Af377EHKV+0`s_-Wy_OV{0%GE%Gta2={`@WG z1AGH8AvW1O&J-M7#ffrwH3r)X{)+vG07XE$zoVg2d|s>`^+H}lddPI!e%*^IgSng0 zw&?RNGq@8EnCpKmg0kK1(b#%GWIT?(#N}SA2a5GuLIQk|Jwh0(>Nv+B#3&w4)AR!? z6cMdgP7#GZ zA2}nrfKg(w&0eyVL8m@;6^rp?^l!N#o3!anmyW+xa4$MuLBnZp$Ya4z49{CN-a;;d zL=l%Rd}?oLRY`Ns9u83LhKFq35$06b&MOw&==7&>7RUJ9+#LzHe-Gt`M*k%|F{G74 zDc6bHjb|111>CA)b@FFSCrWE7IxLGP9jub{N@h&iKU$5&4Hglh`98rj=^QMvOaJU- z#{!{}ujhLCLE8{4JH=3g^cfAh9K&)$+Asae{a)vF3r-nPDNJIEZ|_A`MfH)VtC;Mw z(HmLtvYL(dH)MWVZOwq8F|>Wl_$3KqV6|y2#fle}dRl>mPTUOheVu&Y-JZgFXx5*F z*I*g^dTmLx^?2lY3~%aK)c5fx%M4sP)@w8fiKY`uY}RzP+g0Uu$oUEpVUC0)!(7 zK>R}~!V6R=g!017;3p^oN;JUBTHxw6y;@Oa8!ZKmD_Fgc%}DJGX>u!cCo+Le1qDD)o>l0Y$6w^LeZsz%QYsY zoNzs?(#RT&;eT(!HlnI`OaC4f`0cEen4mm5DXzLzwJXLHm51SVO70fqI`mhkch);5m$NvO)#$G#N>n%**%ER3mM7+9 zn6nTu<6oV>#+}uk+2t(Gdo@~*$-h43(pAzsTl%|j)so)jBF29+`a2zgQW1`3)lVSj8Q87Sg-6U zj>?IPVgS=WXht~M`kFd8TYgAuXM1~RFGKVO9KOv1xWMRB;tQ3J8ovirT_6aAl|eH5 zg^}8U5b5e zc?P(wh-k5t`iQ(js~I&sFmKzBA7#Li?(%wqD9jLbu0oCY;lb$yVsRjnjx8IDhbB24 zKPE1&U&dRV4NV8XI{o`0;)cr48+5zo_q0x=<*GPS9|E100f-F7Q9mV@IX?#*S>)F2 zPS-5Ja|!3UTV{Rrfk4gobyLHETD-Gj zd;UQg0?EF3e>{GAPcL484pS^IUjhA_o6c()tK@htgro!+QB|o4dd!!fJcc2q6{iDz zvtC!r^+lo?l68(#FCzVNREUvTLQjif8jWphcd*+*LvbwH5sAEz%9Qg!2=m`u&Wx=Re52e z@NdT0L7`Mf)=q&$04$nzmcE-z2^qu%sg=@XUP}f>kl|QW8XN|k3@KDAVl~7OJ~Az^ zrS8wad8GAQTb*!BynlV_WGjiB9(tMuEMQYeBj28u7VcDrWh}n1pGrH8Hm`~2!-3f6 z+VNLDI>XY;#mBxke}B)~o_tkXm 
z00-HM_=wm`AaorzYiiF8ZE9_|ysKn>)_ZR$D8tv23;6I`?UuWVBhdyqMhcrwd@v@p z>mlF~_IAL;nrXilGlNRDerD$9%!>=KP#Ax+9o|mX2f4K%z`0W%lUfzVbH^v=VX{~R z#1G6$#*Ky^X%^eTfM55{W)iY{V-QU-b=AV}JA?I#;un4DZS<^eHDF0ayOeJ4+r4s>12!DT(Twn4??`=-@VTz{VLAxkvEpTSVnC>nB2 z9e6~9N?<_kf+(pM#N$+#{p%{f4cws(A4I*h5gDPG@s@KqUvkk(mx)0jXHFx{5t-nH zo;CK0gHOM>fgxvBBh3|CI=LZdL#MQJXimo-r~X-xg2K0CYI+j2-L4*Xq5`Q8b<(sX zQRZWUvAc+*c!>NUL0#cG6%KAlD869Y`i)AE7BOnN|SCg zYFmI0G`@4_;=YT|0ECAGAV?yiFV6a*vbeGC8eGs%L(}14Y~3y78xv8sDYX3h-oj9? z?9kla1|^G0LK+irZD9q@Py?%p>h%j#eH_A@DXj<5R?XYZ?d;~AK_S61#(KgC%Xpcoiihs6X409}{f*S3WZf{bDRLNP;-*L|mR1-4eD z{5)NvI8&!+yjOg|`u%FK>**Ap%xh8w)EJxuCQ-H?Y)uQJRZ3PU6A_)N0`V0pbhC#O zkhDeaBv3tbe3}rK`$QOCz`nU|ghE$k&6zx=Ww98t{SMxFL4H&$)@}6^|DKC=#+uF( z&JP^jj>#&DmCU{=%FYlYVFVJsDI|aGzkPQ4_{VtS6!E^pdNWQv zgnc<_qgx`_@k0yRGN)RVnJ^1FV2wxL*!3n76Q@;Yo;jF z!qqlnFJN5LLLz#z)w()Un2*q(lZe=!-8xb3q2v4PXeIv~n@hs$)k_Gfi8cVVX7F)7 zvnBVK^9<=#`_i-BZE0<%im#_I+*A-QQ>zTkdLy(f%o#sy3*#sZ-wB$KMLxq!Irg{i zK^N!t(ji32I64Y^E+(&?$9>ozCx}!vchF{j{k=)_%^}|0C|^e}m%8Xx@k2adXPZ1A zhajw0H_P^TFA(EyCbeK5VUzsny28XZfI-i9bMWlBxDc~19UV+bLy+m(zeZx742i&2 z)@JN@3%`i%Sxw)qh4^%t2q;H|KDLXu->!@*_5&C2J<&RN>`dah6nZWq@Bw@J_0h?E zC&S438U`ugxj!|Rjl_2_wJ6Mm8&RC2el8RR7-NOl>WMa~#h%eS2QIbDMqryGS9yFrGLLR!uX({L8j`LzvbXYW|vNwqCVhOcD z26v#NHi=mxk@WK^ikFaJf4s3!lch(GLgKkWY_R)%lj$nElYX=Zuiwk4SE|7%QyB6< zr(Zfa=>U7z1AP^Mm0Z@{Xq<|KTsm{dfV=fF?IAS8T1Ci@8|cwH7v`L1cBusAGO5de z)a$ajWKb-`62@#JxdGK>aGDy>*YHnVtz4v|gPr|+`F`SNz^BvV`GR< zvG!}r+zxI{2mpCQIoRu#Y}8VlQZb?!z%+=4L4&ULq(>1Kr;nS?vF2pOAd_3aifTf- zt{+$2uUtPso@8Eo$$#0wet`C|v<%~S7c$Ao;h@;i1Pw{r{1-i(2hpQeh zAF53NrzEIoW?`^tn5fLGA5k}+GB3QGM?Hhy z%I{r_d7?bQclnt~MGVPyE<@Z5;U-#s7d-0pJ^mmQ%a&ij`*_SaU57y3Nz;WhoH1o7r_GD4cXW?Q9MiA98-<(idhz<74mavo-w4%N zTul=`fUBEW#be~@dY|!vImK7%={h1@;YP+;|M@!VSXUELJWl6Y1^G-lXQ&Fl)#}7y z`1Q1SXH2g@i~oqu{JcNf#lHG2me_!QxE?z+nh>J+lP{AMG1uTxhZoO}N@DyQ1l3xE zROc~xvAfs4b?9K&5MmQ?IPW2Rs8z0`)62&!EkjHx-_{U%dEF49+(=j+ItrP$Rax1eZIvb?imA(h7C zvNdf{kM*)D0YA$t*Omx|%x1tRM4(sGaW28WUQKw_zZxn|+r_5-{H2(p)xypUH-kd= 
zNHSVyw34snOo%aBeg0BhtF6=KPnO^``K*aglliOG_g2(qbAMlM)A#nzjE#O-vb_kG z8GT?E4~Ok}C-nRPA#ra)zH+#oa9!;%?4FghN>m7n{k6zgF50(u2^IO)bVC>cK#WIy z33fJvV#ASY*Q^AN*AyX_^k=QsAt%;{Sa2}va<VdF~&Yitn{q}Rv z1&-f+N?EPFsfV&eNzb!FJ-y#i0Nsv$ECCYE(@apjdIVEJJ_0B{5=C8DiJ<9;i_i<@ z=9{&A85rz0%2<;a81iuQh`S*x;##*6lu$0 zn<}oyKpmUyRcb7SKRT68W&(L#M8vYpwDE8oT{nNatH{fROr#66eViI}M@w^vwtg~b z3pwA!fLB&n8^Lfh>u=5KSe%PZ5-T#WLoB!zCe^W=P`rI0+gY>RygL0Pdy4fLQl#OB zW&RkJcXe^>ofBN+f4jn+B~6$eVzbe1Ch9zUpBG*JJw)|q8~xv$gWe1gt(&O_zkYej zC*@}FlF1G!`0IO4w^{(+wx@xAKWFq2S^w_f$6JZ|04I46Zej)e3n@!c%05Tu5mrI5dxY=YbUW>9h~ zd(PjW@`lA()ZEgE)g4;3^6XFb8!!WC8<)yy6dgghX7`FeHL5pX&TKvSJw=69Ne6dE z?%)`-{KerbqA3Ap(^5isOlh400 z$WSW_8(f2XsAXW`RWtAj#IKvbi3`GpBs9OOFSw?|K>+!Pd!cOz^nZ;$k2P{p~d^YA)#Z^$q{NsO#^Gt90yd zogml}K82ookl6gqv^bxB_vNH_DY@X-3;l{AfnL-?$HVv-m~?58?4rwKJ9BnA_ytWm z@Ro}K-M)1B$%)cTrR`NaLyBhx@fqxa%1e)tYRS8i_rc=;(`Vubxq{#sv61|Iz7C!V z#&uZsBcN*CalO{_Cn*?gD^sLvGlV4TyErI`gPRGDrlua3U@26H%A8kD(dYvB@6W4{ zP#<}ahVZ?S`-UyyPo$z#IblSx`VT9~FS_Asr1f`yJfa{0=pP-+?96We`w7q6b$JFyB z%QOULZhDmVdB_zOH1oQR%+D?p2F9xQY zD@3(t@ek8q17c+d!PD~*&SJNg;8oPDl_4Vik=C(XWwNcpT{*05Q!f>Jx0{K^q6qK{ zB~;LCcb&sguCc;4-?9wsN#HWp;o(O`j#x_Y`<8z#OhEy0E%G;+4W4wv*L~J-#j$DI z2!`~u{U?s7@kp01M6k68fZ!O7&PmdK9R|f_aywa!-P>BVDwz!TO5s3?-&|qbeji)l z#M8BKotwhi!#^6mdPN*@&3PF^ch2?dTV?d@sM^keeZm#Dtwq=(a{sd5V$6fRoPas) zgV88r--0t`xiT^o2H)zq+%th+7c=@^Ypu+xD9qvJD_pSkWO8NA0&SbFT0A?THMF1; zZ$)d@Cv2*1MRDsu>@c$F*f^Qz)rJ@xH0%dX#-&fi2*g!f-A>yq_tOr1Wv9Cwn2@MC zk0T7Js=x(R8h1jjM=~E^52a9%Y?U>}B_e$our&b@8N|uN){4CMs+nM%t{f-=?_E@g z&|^}AaIU=t#RJ$Ipl@>BGb?g>*id_z!dw^xhYhXn6S)1|vVs%R%1-T7M`SS8>lYqb zY}FyPkcs+c0502H-8bQHATwDcvI$NQu(mJPX-mS5Cnq3+vNK+t)IK(@W|jREWs`^M z(ntx8vYMv$yPFyG6zpJ6Kha0yC4+6RRLUHIiv}!YFSj>$rLrk1gy1@sRafP1&;652 zo*Q@?O7Vk*?MHWsGk>FFvL>Wm)mqk=AbWuAF{S%-^yJgX*KZ&cge8wLf)!`P(qbJX zojW9kq7<85q8a z1$9$j5Ypo|#nkwuTqt(pDUF0gnTV!qFG<%|s=%$ZgU$)?q`CAROE5}Kb9Rm@0nUV! 
z-v#C&?;qB|{?=&#(ZlzlSWptw%V8w^T@?n?Ap_p7lAhejSP6l(VfiX#+kyGO<~MXw z`cBAxTe=+wguPoguUE;njdb4Xv{^MXWS$1-i6=JD;EKA3X#zbwMb1h6+a{6@luQp) zfLm47U4f&Hj~4oY5Y=1O2Wi!{0m`p2la4m4rK1Z@%>a%nH6 zTm~->#(~qC$$V70G(2$jR}T@=)#CwnVW);6#j~+WODQqU?Fc%2u}?q>qkBR`J2Nnh z)G^`W9d++npOsQEN7_u9qo#!y&|o*bd2>I-aDPeii^XOfLtNJpREpVG;CRc&?IUh@ zMu8w-hyCYdO`c*xf)kh)HLJ16>i)(lR0HHiw{u{D;7ZZ8p^R0eAA)xYK~mHS0CTEx zie2cuoAE!SoJl4-C8qhT)p154ZOf z?o~UncS%S;r)h8DRz-@%tfm}5UjG1e=_rQM@{p9wD*vdUe<|2*h_Q+r5yd#=g37Vd zjnPu2TfRY#O{j+Y&>Ja<14$78?{@D@iIEr)TmrMvtTzIAywpl?)%`cuNhU;r)VH>AzYue;=OMO6 zGJXWOruJ_L)g^UNB5+^50uv`5^1#p8JPbvFLPk&(-OlQnIFDF8I~^Au&Dvr(A6~&H*i)Lfluu(-XrD@hN#8RBmJUP?c4XXAR^**K}#`R(Eq@zzV|6P}Hg8u8Xoh}4u} zE4)ZXni=*Ej@L~S4HF^;Q|IDhDNo+pIg5xQ#yl{zAk7GP0>R?|>&_MBs_ctQhNx;5 z%@m61Q6o_#ca1ovmqF=H_2kp~L5CnU;(`g%#b~=yU@~fcv;GjL+ML!q(-Az zz$7y6hPl%R-6pbF1XeRjO@8dhh;SQ5W$W9S3*;Jg|Po=R_RnvQc|U zK$kWYD%fIZYuUCGh?OC6@pz{#qVv$zeFWci9TF6;4ZJBiYVGf`{`{FSKo%_74UjZ+`fqc%y& zosNQ}6aqY8Gb=9#5{Ow7s@>K@(`a1uxc9zDXJ6&$-r=K<)$*MEoN<17vxQxpH`v?d zmR^X9=AL*s&IiG)K1<`gtiECCme8_U!8X?f=veIdf#~}CQT3it>GC^LL9gm4PnlwA zKjz!nk#bLqn?S>hS8+ZD5GT5b#N;j)-TJ`jq9KCTj7MDespA=yQ^#p1v)93K`^@T? 
zncURgn|RP;xfb~_m+v9>kv|6=B_~OKL4|E@r5~v3t+kV;Ed|=;D9k;;OS}s;ZvLiL znt!#yZ@q8Zfaw%iw;Kov)>?1#z+rXEqI02*v?@u5@D;J$J;jO4BADVxp=uVofbD=y z7&Enxq0@KN_`~>|&yih8=71HCUr{_{X&c}h^db5K8i<`tF{QrJ0erXwDPVv`**@jU zVXMlj&}ar`Q(yF>2i`!9ckSXxo=pCSh_gn*9nqEWf*hDB{LRdqnVH$Ee|65xyOXv0 zOI0cPG1i9=BA%V-(q zGPx5@whwwM&7?VJO;3iJioq=`P%)XPJ?RgdVzEu-)k#>$jLeZ|&}CfuF;-1>A3@-+L!!A*5%%))jkD zp&mISbJRE>rasD|!uiR)LW8c0v(xHPLMS?L5nb`YD8yl#?Sxe*;3|RWsECB?T7#1p zdN0ySbL24K9tTTtb4=Yw!*9-E-D+z&Ql%h znw`;|QGR7*$55U$YE&)N+HI(hKw5awKP34rq zm0tc0#;OS_8b;+nBfXoacK7wn(ZU0}K3DE>(sxt+hn-PRZqn&65JTP;E<=&{tVXR= zY7Md)Ynl6en7BMUi=#3x+RdDt!1C-guVZd1!>EoR{U`;gbYn<=O%Y!L>-kc|OIa+h z_YcGEL^EuLwu;||ptdO5d$GObY{nV-=|(G!BW{!lL!j5^%EmKbQR407wvRa9_D7rb zij{CH2y~;(#lAFc*Ht4t>mrWs&|}p#sa$^k;lNYf1YCHlvTxUP3RlfC+Z_B8N2N$1 ztcNXjk<;8ul=GdSUPTexgp;B#*VefRG6mR*@7H9x=j6sNr)V)7N_N(P`R{tVW7Zd0P(-NXol(sT1XLd3{X{~Pu3A(nIA-_BaxMJXaPKSu1WLEbcp0=55RsBt z=ceLjZ7De^FNG?w`)iD_l3Xi~*EyIO zBc=!)D9)f{o2cI9GE((lLZ*yZhwr#U9pj+e!oh9%W2-V;+B&s^Jh5eF$!Fe#0o0xR z-yU->q!gPVIwQ~hE~M7aK>RJc4Tgl}RLV{DHFH|i?~<#reYO{?kvr%uvM~r-eP5ut ze?_kz^&~4z#yFwxRXpq%trMtprZiTJB^bvDh1 zPK0LJV( zYJEN4yCOaIYxGMs)bwWtK1RB`>pujmO?%C}zZ<=ew|fv4<7iuP*Q zn`;?CpB^#<$xAr+nyy~MHuhro?7&jY5~f->($3RK&58>-j*1M4CAi16^BX^e<5L%V zXA)s)W-Rlhev#v?u#w@gGRs!0>WAv^NsT&3#Ne+HR#meSC(E+>Vj(IPj^R(Zp-4n- zu(f{SR=3}*DlosTV<^8%i-^uzJH5j<8)7M?hLs4rX?g~MUaTEIjeLfmeM4f}%E^-* z^G;-%YR9KD^;O;Jbq6?Q%hDAGZ4cA5=q+1Cg&e?T{qv^=jQuRjJ|}_NgK!~dTq{c_ zXNGA%`R*B2svu~mh*Ds7L(vB$V*br2*abB@#qzp?7Lr-_<5lkbYiSh_9}eqOdoa=OC(8d#MW^JI+I2x3cC_!K7#DyG344T z8pQl+ABg~9zHU*K>eW(GNjLM5&Gso5p*Gt&`EUtt=@IPm$QN38uFQt_*LHl%l$gU7 zD<8z(*Shxx1b)baXyOUj!v^_GRXEmlRb>^&*hyv1UjNjV+^^&pRu1d5!>hQ(vbd3M zZLwvi+kx}ZD1{D##iRnUVaR5utPu1>yH3{(t-9f`J1fdBZPWwqckRroKp=&2*9IJh zB^EbGG7M{AJrdkg=qvd)U0ute!}XjglMkYhYM`H}6U>?YE|xv07#$2lkdmBQeuJF$ z{E_%=RS@ri;F0mVHNL7Ew~-z+iI;+$9;hC~_a#>!s1E<}FQ^Q1ks9lq_eTgu0-b~( z<0Z&mrm6$nhI?n5r(mSXwDm^hVed)Nsta>VOkg2-U*?KT#^oEfj z*?~mn*QX2NY1w9j1Abp5<9O?ogm@^e?K?x7w&#NOmf6X#=}xQ#YsHkfRdM` 
zJ@0^~DFn!~PH__u-c>E6=z@|^a*Wop`tfI%L=4{G*D|^qEC5XVOLL1^9tic*U9WyJ z_XY;O8FZASAf%Pd8^Sg@4R||1*}09-JHeU+G=|n0Z^mi#F{RAArN1YKgnNL;f{(~A z)q~j{i`ehQB10vTzQ(})t_YzSD|vbtC3ug5UaC#8+J)Wo-D&=f*=uZD_XV7*V!NA9 z1eu_83M-1!DR`wHfohexI*==$2c(Qs#D4HezYs4~f*psZ7vT~$D&Y6rcSB!JsfZ-O zLYNI{>o>?qknG(_r4(+JHl+z+?)ydgqA$PRA(1OXUioQPJE%owfeh|;87QpmKs<0&7FYwfF$uaJk*065L!qcDARjsFI36@%H8GU)&Mq`j?W$v_>7eB6I zv{&$LpigJRXgXbcy(BFSzJN)swI0qVy3Z_HIghOw1zQo6wX<8LFI!fFTQMxy^Sdk2 z=se5lYfKb3s;&%f5hQ!mK!V%Uc&=o7F`~Q6o$$FE5#k-JFRnJgz~Wlh#Wz5Ey}u6+ zhmLP{loe$JlpsmK)pkQ@x7MwOm}i{AsugH&MDN|>rEYAf_EDy}@gKnY)EfRddfpf^ zatvX{ilj*GgL2HD13gP_rRyd-MBQP{l7);-z8!A*G5U%7fkL1dFBZDT)h=ww%EOcP z&x=Gbh77wkj->;# zo9O0brLp}U0B0E2CuAJf4apRi)3aQR>ESe(=r-flE5(cX@2gFck0I`D+1TBQs!FeT za>`%oimh=RG9zU_suXRZp=L*;o^=&MyFJ4X2J$F5oIw2!m`zO!=0(x>4v~Qxl%RLS99y6U{NDR!#nl>9PFGm&Cx{>SzALT3)oS zpJ<>hKzm^RNER}v%+Ob4J%Gavau4lY@pRrhWvPMz2olM}b!pk59;n34k5*S{`orC2 z0>~BG*pdftgRlu%zOWvGr+dahDiccJPBFjr(V$4FZPqguTPJ%6`nhmMEhmY*MiHN5 zkqt4zRDF@7xBQ3)EPItO_Ix(}qIelK5(=9Bum%lcJrvKN*z?L#mt8FqEA`zC74scR zjf-XXsXk$>SX-}Xxx;ZM1yW%b2xdZX& zr}7qIbCetRjaya>*ABcOddSiRD2}sSb@{vrm3RH(!PCc?8?!JPd{#o1*$4i8tS&$L zbrsJ<%ZchE1LXjugOqJj(fgL_k}%^uvf#vz(@coZ4%UhU`t%7q>TN$Wp3~IhMek*V zA(uwdQ&qbz6bxy1H5}vOt2C`FwoRO>>1k89tnVW+y9-&F-b*Hc6bpbU^tx!YyNXp? 
zav4hq$MWo~$c}XQfmzxhS%(YQubGQPK8*2A9o|_SY(Xp-at^8mhBdXeyFa@52iHCN zOh!HQhn=-~ZUFvpLiMhQ*s)%bs?X7bM;SFjqZXG4QXYq< zF&#Ba)OfDDBSr_HO{ubS+ZLJA&0XNtLqLE(oDmfM!?~xozxq^T&%&$=v{hnhx!{L> zcV)s85{2$}5!DZnM5s%suHTCiq1}q)Tdl~NI{`%ulo%e8Z6)w;=*bJ|x-TlTKO;8v z;zrq`1`6-evOMg9)T1J(S~JxI%iuW}{k?FxZz@i7OVuu+kbRJN@mu{=X+J2HIYi#3 zP=;@N(}~)};Jhu3z!<5wy}AEVZ?}egJkW8Jw4G1g+C}D+}7u14UJYCC{Pbe+!3&;j; zk{0~ot@yvJQHtb0A7IH`mtyziG2JiQUw7BlNvp0TJ4tLiP5babb8% z9X?2zA%_59MbCn?cI`l~MV~jsK+5HF%(|3lNYB2@6>Rh&%uW~$G&HD;PXrh%!1ur0 zz9^<~5le>L|7au!c>G-<|JfX5SF_j}YM&Me?|};W!@O0ZhBM44sOuBRPB-HQIe@)t z!ZdZB`v~UEpSqwJ+BX|*yY7L~pfn%pz4TdGPg`SN z79iO{yjzRcfg^rcp2CQm?DC_wW4UGCP(^$eL=bKgshC6;u65oh-o-QUl`H6lBPODT zque90L^2<2IolkZ zpGJ%jgdfN{!GQ;2Tik;^tnU*~JJkY8PyKFknXJ7RFQQ`BcW|PCJ=)su{ax`>>T+?C zCw7_0QjIziOfte3ur1oU+o&FU&KU9J{Im2f{%c|isR3ZMJ1I^%m^o=?*7uAj=X1h@ zu)9Skq8&(5J2SUWv7z4wtXJ|5mplPCTG(j zq$Ey_ZW)A664rA_!3g}!ITe5?5j7KN4fF0IaC}8#WbJX6gG%F&fP@}~g09SQ?%diQ zrm8^xIw$7a%Gr8vVZ?3G+ph_m7nP&wg_qTV<;yY4kGbCTNG$yyP6XRN`srPe^HjMe zHqeP|`?(wwfO+qu3>Z@mYo$ob9uoR+w;pIt>npW?0CQ)7mrUsq@>F>y4OJyy} ziCa($(|d$fk$MDVaDGj(V6J>zTOzlhx{&t^)r=8T$BxiRULPE!wlPQr^D$Y6fFZTn z8g*|vgN8FTZnD&`t-!?AUN~Mh&_)YT9_abOcurVl)BN_S}Js)|L%HkLYt?Xar|DJK6TIp+}Xr++=ev zenDJVYyDi4y)^qQLM9sCx(8wo@O}1GcYU1>C&R11bad0=_3F%nBLnjMwP8rA0kyRI zxirH1cxA5jFsw)H^8*=k2TaJjTD5-9judwV`FcK&%PzJrlH(OeFTnW%AX=&(tnj6K z3wI^A(`qL)vy0=WwNe@?NyvpW5s zG?5#(Gzvo6pV3a)$^Fji#EiR`w2KP>>D*PwNo0Z?QE)wG8B3}WUEH^_xx)+q9KwA( zA}4QPm-j@?Nu5$MC-OO&RD$~T|1fVT&--7-sQH#XX8_?oS{r6y08&EaYq1^Q@*ZK= z5cURAy2SlFRAisu^+i0Jxf1(x56l*=qQMeMRr`?GQf^;Ug%E2EM8o8BXA#!*pJ!6q zYpEC~?O)Wm5>;^Qr_DRwV>#3-lQ!|Ae*)oTDn}ahv!c0PuP-GXkNr;)ChrN|D&1@t zP+@rW=kR8i0~y_tg;C0bSkGVj-ksPYx{q*R1(KCv6t9kK1S#QC14ipx2E_N^)_}}n za?jH}fqm`lAQK=F`y32WgEH*T(|;`76>%my6DvMT@_-tzcL^!y28~8tZ(Qvw-VvpQ zhw?FBJcMKYWnb#di%96~4jS~pI*78HaNr$U2W6$lG0orU8nwu21S%6+} zVs28L6%>jTFt^i$}V*t1yo)*HU#5#Ia;TSevA!GO-d1d#>eZaQ9X+;5NLhm(4g z<_nd?Y0NJ(Z#VXngFOip0a`eJ;A10r(>)1^*=w=aCUpZ!PJs*?31>--K`_f0klkTP0SH 
z&?Qh%#+KnBG?u|bQ!0OvO?+f*Zb&lso`U)2v2IggiMDh6h4QkY+&Vl#kpO;0ATE;N z-wZ}8IRgUYB9#$i_B7t4EiU3mG(S3N&IlX=o3DxIZrjzF8#rAMlh@)*0bON6AYySf zWT~pc>zL~>aw@VAs>tgv5cm4>gzHLF^!0QAV9pu$H$A_g+W@YWXk2B8k`XVO=vg_% zz#Gg7M#HG#koB{!(FBM?f(5_Rz!ao9A(Hh4`rl-eHes`%-oSO2q_%easQe3s*o3^0 zKx$0;O5)tna5UFaQ(iEZS9ZJoy)45cKSXW2pUZZAGr^#v)<#hUy-Cko@I2Aw!y5 zqr*IJ?oKEgP!bcLl3}k6L7sv)+5DQ2;cl8E2T2`$(JWsVw_ka8%9tnOs%zpqs5S%` zf7vhboWpDQOZk#GAd+V#>}^2Sd+p_S>0AHWdReOuq^})~ai6{(XF^d8cEc`?!Z+A4 z8y>VKG@ZpOshC3JL(}^zqwH-*DcIl&AM$ex{ZRnIAV-&wwtfcfw+|HiyOCR2_4TSL zR$i@T>e&=}*svf(!pWV$y<^BeJOIrg6I;BT4w9u*nnr)(8t0z6Q~fx3Iyr;1P&!et z^`28(jk}n)7YK?u?@1K{+AJ>N^9(!+oli@QI4binMDbH>-+uOHA&`oeyvRj@CQY)6 ztJQ^H)+>^FIL%UHh*e?2K4G+etc0}Nv;GQUS*oO)(7%um(}7j$XYJG-8VjDd2EBjg zFn=3jNAIC$-Y17()qKpfpIh9^7D66WZPGZgos(>=2c_aHf;!BgIKVr}6oVZZLOw0q zs&l?-JIc=X2IB&dr9K@K)lv6amLxr%G^^RZ0V03EGbAQk>;T3R-F08@Zc0}_QaGIb z!`Ze}pfbT85>-Jh=TWFP4Fmrm?Y6k2qtql_aFh@Ss*&;+oQs)>bYa8gx`x4JAkgQA ztW1a!o)Zfh%Z>bN-X!A<`}6I)f`4msW2|g_9f*KelvJHF<1kdw6kEHrhJo z^D*VT7jB}(8ValoA53z0&CJ66UJca0D@2f76$8}1;|4bUP?7(^8RMTxwnf_t!S zhH9P-8k?vvi6MF~)IM34q3ElTuV?PBG?h|{$f1Ynp(3SD=5>?1?M zKAE&KPlN7Qs^wVGxbZZVt@Jz3Ux<)_$exij9!FY}ZP$^*%1Mdi-yleJm84P{)KYGuAIO_B0#mzWqC?2wq5=fJhA>==bTltAfK(1F7U zpqPk%O=TPaMaSMsJPHa`bTpa0GlQUI7k(4-)K-ou=Q?lAV^&#i`cLYWZz@dPvlh*9 zL^u??g{yi+(lg5b&g#<_;2idpDscg*8knX(xy6qY5@o{zADOB?B#oz4II=GVz)152 z>n3G4+!?yzzNSUru$r>H>^Yd6y$wkzR1(+X2d{g#8jq=R=KKoP$GRx)Ye)fa*qPlO zgl)d4yP78qHbCdcMNb5Me>q}cIGq4R#zqYI{h*)~()VTiP$9-SJC1jB98D>sM?3l% z@lR~84?o(X3Cfmm^Bm9AhbI~oNb|!h5c2$j+BzJsz8oMExbEhcQ7(fZkbMncW@ulheH_^OaP1wafFu~EBov8JhE6qeZSJ#sYXsj z0Bon-LlWC02r8ooIG>n&o?>eiT1z&^S9qnkK&{4|QC00FwO-|3YVO($^*>zBMX04# z%KvsjQ3DohNtQHMfB;Zk)&aXiKnej$YmrZ%yA+#=3Bl*Zwynyc{PML7M0EIi%;ft8 zUXkeO9bY91v4MM&sfv8k+wndo}n_2a=-!w4_o(1lVxd1LdPp&>MDJjZF*pK7(;p(Btx#d22aiz zD6J;aQa5&JzK^U+d9%R%xU$K}7PAiggK*h#xyk>41h})xvaRsR_Fa# zTNrMnx~>uGPCyBBIKtVz=<5ypvCYghx0Z8jZvoNfuujbkcJ)Y**#_9)D)!#^P1ogk zf_uw%h3v5oeYl=$Fg~|1>F@qKWG5R8b-iOL0!1?rw!CNH&=5Mvw=z}^<9B-6w@R2? 
zmh%|n1dAqkNDFdlgiV%w~Ir3EvXh__BQfnMj zx)ok*TjlfI4CCBCxS!-4>%3(8x^$kG?OvL?!RVN zgE#TJimTTs-D- zumvRk)az;%Puud4*{)JJ&eZXy#GQ4!y~JbTrIiVsow#3ID3SvYr8 zl1hk4;#t2Q;4?}FnStv-$(mGby^Z*RQ&AoXDdCWH9VM|n1<|PYB}sET!y+&GN@lYj zSHt?P?X+@(2>jkCx^oI4+-z<2Z3_qN`f#uOLu<2dtrS2$}&1CzsDjduRjDQfsX2>W3 z#gC2{zfC)Ovr--H$T#7b+BByI;k0atr6_Q8AykHlz`ztum@9QnN`93g5OCVhGtkLP z$GT8&+CtK)4=hP;tr!EeLXowdQe-a_J{W}R%F(@5Zsj~JnWv&*ZSG`e*aGdgu%Ea1 zp*R>NecRx(kuu|?52&Arz*<*7BnDg6#gS|G-19|71`gGWAs%j5nX8t8)q$;HnYYLh zmFyS@U2#F8>_=QNoqS9XidHsb$oCpKGWFg0W6>w@r+Ro4xO1@=cBv2Sz`+25xFtMV zinpR}OQq7mCfA8@j5oQw=7YPvuwoqstR=_q(Q69;RnpGUndwAR4T;3tYb9k`NdjMFESBy}e+* zrFduZez{3qM25YnbeO#|rMAY;Hj&AcmwIdfo^VDz_f|Kx%fR_|r>7@y3cj49+p%|c z5Onkr{`=+pVa3TO%ChJ{nSj6fXR>^qJ$W{C?Nsay5at@rSiF+M%&nvG7US0gCy&-2 z*5oZne=<5-|Hf(AhpGDH8{;%v(vmkrroqT757eia&sMhh)eRxh zwr<3!vryTNpqRv79@YztDCh4W(;;#&d9zUpc_JG@4WFdgVcRJ>EGLo|zqa3VUapP{ zTBqlzG@-1>Ap*!DaQo0I^PA*f=uSv?gG|nQpt*fEz>SC;qAkAyU%{FPT>iEmsuIo) z9a?gMXGpf=eKk!v=;eH)@rUbFOPnyH7W4Vdn*p}_$j;J8D%;Ti9*9d>5}4uxd3701 zMs;ft3kjrD!S2!Wfk?9(74WT@APPA6$p9cCwXLl7Z&qhm|23n3uUNSg$q+r{GN1*D zW)OP)x@V@FcUX+u=n>{8#u%+cvHRu&A?){D95?T6nmZL8X1LP)iH)ptnwMtKga9De zEd&)wCgEAL7!h5tTQ9wao&_D|BN5q`0C~Wo$j-FTOWh$hKFQ^156zj$b}cf|+&oQn zX`q8?9>OVbI9$H9axXywN*F`=C0h3Mc~LXA=q-p%a$;um6fx9x!M_pOnnPgG21k3+ zOzD&E6KneH>9Ue_`nJ!E>%0V-t*-S}VKqm*w4XN>1H@5c;15ZS#96Y(yG^(T@%7HNcDmnMqie zJ84-fT6(1cWU=W=)&UQkmB{GdX8(q4xvqda_v+dyYP#x=>ZJhdRZe0EgL4A z;Js_e-^L-dSKm;oaZXe1Gt{G?(|jJfqQ_gs*VtkOYmrrh3%?Ov@wP$^5pJz zAb3GwC7m4EBjKLL%uHdzXF-hE+?tYN3)C7b?)4-qAH!>&UXBVVNdg@}JPP*6N;~Cx zlHB&&WvN|_G>6P*=H@8cjz4;LE0dISvNC2H58zS^9 zYbN^g6;V%5>z5s4?^{9B4|uVd3KIyobJwBH{Sf)P)#P25>zm@2epd<&VgyRZ0?wqB z3f8_R%4$vl3-DhH?_2$Oha(Um`RR6Xv(joyi(uoJOcIGTE4bAl3cThUX-zR2CE9Ut z(eL-GQI@}Y)h?G8-)y2WE8=XPLPS3)!bT=EgtuOGrHw-v0*;m`E5xY-UP6yUD#m-- zQKV5{#7?dFL6t0dylAJfQtF~~m_-hrczD$hLWZgmdGn`|8t%w01u6^`K{vu7sK-*F ztz|adv-{ECf~{&>3c)9PPdfcae(G_2Up43WJ$EM+qB_w4se#2|X*{NqqFT*Q3zigd z@@gT~qj~puGnQbnF3R*);V@ZYb2?MF0a5x`BaoGUh5)^?k$!a)WSPW+AMCm!#t4T5 
zMbKQ6H#4{!P7l!Y1!5L`6~{SMQ0Ks+cxX*7Ct$=50+6|-5bGI7^oW?2cNkCas#KOW zhgBA^zYZ@%8CMFX%)3OGmX1)VRo(c8Wm}zTE3m~Cr}sm~@_cbi-sjLY{`#M(K};wF z_1RExiiyvy+h5{f7WFhQS2cdMm0Q4COhygk!A{zUJ6cr;Uo_wK9wRFFdTlOR~Q~NCC~?b9$y2CaE(*|y&lCE6x5z0U)=ZiLM)J)yChqO^wolB(2qHam=d8b@@{`w4OzqTPU*g z5MAu0!4WHF`tcKohDn0UDGEOz94osM(nopKUt2Yh>*h|5*X z9Wk45gt&eW^f;rjvI`(<=(lTgzcmasHPY%m>h((=7c6~{d-*Jg8wl6K)XX+!JK8E<^8mOtz3?WmmL%`L4jH}H& z5tIBcjG+194_Zqcnkg&?d}RT)@6!ii*YmHh1=}Ry2?#@DAWb9liv|RTrsTbE;1znr zxAbj`KmOWZ-dG4RynYF`Z%0Q>eP7X>jht!i*N*50u_aXl@S|tZ`+RPn!{{`NHqoOy zjRE&p%Ywv@Ue*tu*kxm`-b$|_k|rn=UM*ZVP3=|8mhSa+da6>C>UVrA9?Iq;c>d^) z#5kIX$^506jZn&3T^R0dZ}%_^kcE-64UrDw#bk?Ce>}BptCgI~|;0dM=)17N& zeBv@&Ocz^NAvee1ng_(>s;WEZ+i!hD_Z^l3FxCWShOuN(2!4A!9Ewz& zWhl*3l(!8{KMJC<501zpgEfE)w?m&>u*m%8!JS$15UZDEunXG9ZMTo`b>l)z6ffe! zT)?E6G*=)D6DTelnCk;epOPP``=;hB`HKuir(1bP9A{uvpdIy6|g=io4^4Y5! zzcU^KB&KGa`n0(ozPe+b)nXZbn9n#&b?3w-er=R6MYxOJGJp&|P=388kd3y?>&p)) zURE-yMLhGw>bYg@Qa1ut%(N{~?yT}n4kOUkspX%7GDkB&dl1(*=%X5mcB zRL!>*Bf}6iS=;425RgT4UDW)v0>0hGW^%Pqg`aS5kOpxGYe$5+Dz0iUFmEpqLO+%A z3y2rDI90#0pcFCSGQ)%>E!U>3PM+@B-mCLs8}ZE`_jHXC-#h zc>uCTSX+M~*aTw#dUB(zY$}GlI4deIA97*4n;-sV_F4~W|DSGzgn3qdbS-tZH}8FFnqKhDJxY*MLJTp*UV!#RyZ41nllz|G*)!H*R+-%^ zFcU2euV<&7AQJFs8z%fLLP%#FRDc8dq5ZB98Fc9r;RRh4%lW!UWb(9kuGp+R_imZ!v;X|PfDlDH7Zz8I%_cQ~?9be!}&Y#2iM9JO+{CtA z9LyTVKY~iuQa@DJf)p?JF@`PzH_H=|NB6yZYovsFGfM%)IFU`i~!%}qiUidn`l+dhnuI;2i2IIc~%5044H!YD{&?iO|Hm5`n`iATXD})(Fjjn1*4>&!4faZ=Z z-580MY6uVa$9%lK`UxNLXM4!0WgrKGAYE`XL||ng!1NP~YiYE5lE8oe+x^#a(d! 
z5suiPxJP<}y(DA825c}Uz2Ylj&_`i1WKBs{8&gW6?L~Sy1g%c$y;3Ydd(bkWqe^>b za8J+-9)INzKmxoo8e`B$9YRP4Ga)4xQ1L()KuXzuSJ4+WGSmyl)L_h4fONP+#D+FW zyP~=Ka9WlC57r+|EK7BYH9X<_1WH?GJ+(=Bg@@-$Q9b;t#YgjIAYfAb6OV!b_`e2IM4y$Nu+`>7#uRxP~u@e zuAd0Li@GscWNaDEtUm-SDclC+kX6%BNx=5lt)FYM;x(tX8zKf@&bOhb;2JscaaHG4 zR5#DrQ$bCukQx0nd}&HO^{N$whjPBF!p^w=AK~t;gFBK0={^t*YGqPut?5x~t$y<9 zFHUz)&*1I?>qUK;k(CZnpb>yqZIhJSL|D8&TtWA6GK6tPYQhE@2H2g@(Og^WadE@^ z8ApZS<6j*B<;p)Q%DopmD5dR_^K(c8+t=x)P_sA;k^MQesmKnd0fDyolxfKZVl1S>?$2hp2HO0q^f`Xp+A2I=D@0E=#W zwy}h>DiBLW5aZJ!9(}pxWmJm^9tB0U%^yP^HMJ&u)0FtJOHshQs z-Qv{xpMMp8!5TMewckn`71ji6`IC{mwUfM_;T68HH2^G{^HW8wM+Eb>yu$VYKxY&8u zWaGtAec&h^YH8&-pAA1*7ettpiVt)|$Q9y)lo*clJssdx!CJtI=pZS8jk zO!0KhCsaQ(2*L4Hi;()r-z7qC#jO=Gj6H__k#hxaFIc1wPpLw^_WeOZLMm{XjI(g^ zPOwVy+Yd>Zcpt&`&E%LZxvHFSy1Z~m%)1t{u_U=KLSBMjGMQH;wCR*YB2ZoxUV*`- z8(%ooqTfA>e!L|2jL-TUdI8`1tb>=(hGQ}*kr;(t0wZbL-zgrouX!O_iLuh0r79m{ zg|9?dgiT4Cw|SR#;#Dq(W0EBrDP7*?Z7ROvMYaa19KIPRQ2f8W;-yaYPwwzD>3#;x zq1-2YfnMl_Z#w5!=z?DC%Hfz#L2A?=_AB&%>(B9*hxx`X?5Tgxe`Z9Oi(M(HOoSA1 zs6^AyP@)zbtro3zjYhcT$d3)yEVERpKHE+V9`0@l+o8vLyS(5SMc12RGsRm9Tx#G4U5X@r(q zTdAj;q9G9{n+NhMEnv-A+9Z5pYk6DB)_-Wflv?T@OO|p`It&7dG&}j z8wHR=CrV#D_aLeHLya)H^XmmNXl}pC9|#2xq&)cfSDWeaGLa#V8@8i;gjT#7x(9`x zQXeU7b<65*hAuKma~+%W9K=$;IYgaq+|^PP|FA^%f$E+dWw$zKW6pT3tWIrIf?DRw z>Wt3`1F_ZX6WA!#yr`^_3&moxZFR%8IvTh`;)wL|FXEgc?3^s*oF+U$H%Wzq3B%LC zL(Fwwp3y|>*VcMn4k((-XJC;jIlJYZ^=2O-vQ4NGWKjX5_%Wl-k5&=U?n*bBG$3Bm zn1PwNH~xT8QfD%58Q7!MOU_sHEC=xPjl(=&-*SRJ);Ea4U!-zYQ%b%}k@5vu~x)fK#Jvm!0iWn=X7)@SP;+*gFrb|%? 
zN}W_fY58Z0;l>AFV{R>1iJE=YZWoh75?T&CNqKzeZREkt5h#V<@JyiU&c1{01!PWH zzCsCPHl1%+rHmj%)v6$W21qON=d{!#gI-GweEiuoHR+$-A80yXb(+JJ^;Rc^%b(S+ z;_}hpVg6K}>Vw)GfX}50zDj4h`lvtOCQH2(nFA+@i-+}~d0EQjC{V~wvV8*gpH?ph zu1MhP)W!&7kttK%52*m@3Nmd!lN61A`8RxnE`|BDK&nsH-iHjoZ~h74p(ozLO{1-d*A8JMw=-H< z;L-Lg$tNwdJ=OeaTka6$fLoo+z?HR1xMdE=41t4_3YiK0)J$0MDS61gIGj0kM2N`I zXs4;G%FY4(66uh)Nm&4KP)g`Uo(A95er+4UzB%C0J5`DOw4#5ae@zPt7cTy$At4O5 zQwe94p2fKZQ2~ywx|N3NRlEm-)s0m%1ds?HbXQT)48P|J*}aSb$lRsSK|9^|w&t!%L zxYq)M4KW);M@x^Q#Z*b=F$DcUEnL7-KKpp@@wfkeWnC};KahG|f>=|>K?1&yiqtU# z#TK?BH7r82p{;{=4P?97Yc_n?x{jkyaGe*>%M=Ti*~50|(6mM)=DRsYA9aOT8DZl3 zTfid(D0LQ@Lx(`E3IRRYx>e2R*I{fmM5iwKZe~9ik(HccMk2Mey-1TDxczlz^6~s3 zj8{B$rhN$h+O;*F=1L!hm>3bZ7Qu(MYcx{@gv)qXmYat+Lb)r!6g+)8Zw(pY8&TY#)ME6rg_v<}ROeM6G=CJS)#={Q-fUO%*4M?oRhw0L)P}7LKq!Al z{r9J5@S*t~IoH)F92-D2ZcatQV%`LUZZV~_{3K-ZK zjgD_y44^zR8{-9o)Fwa>DDRrSbP!}}5H1Z696%5h!061(6oB<+J%&q|xasvUFVXTF zjy%jt*5TqO2`SY=H3SnHpW$&(FXnuf|C^mKO*H4}`zB2!?RfS0Xwr@E3vqBwZ;C`O z5Rx95W)unRVH*x}Gj&nrRa~Z~xQeOEIMetKE6;an{mnMUV@@eJ=^^6Qn->KUK-jgWdCW9s42g==04th7c5vjy3xNDj-aBYOwW3a)BtA zs*yT@LzYUnNrPlAot9*Tr)=%Yw%T7z*t8{c5^wp3P4XE*!*66=-tz^BOoQNoT94;q zF%T6agTlWw#HOlIyOjD)(l9BDmZUC$Yw=%q`mPu>zugTL0|t<1WqX2!Q;!!A_dh#5 zzm#0j3FE&^S6S0FT45AEInb!_j}Vr0Qq|BGgrLxX z`hn4|JD<@tM4+X!?e87nkPJb2eNwC@W9Y$H1mAr4N|GQ!yD3Q+h!D~~q=3DSbN~o! 
z-B=WbU$u=Uat+-|dh zWgVgwN~GCxT&hOsSQfJ6Y+3@CyimqJHy_k1dz#?)NJ4jHL=7^q`OZb&wb}D}cPHSE zc&LlK{m8tid}6K7E^Mw17*D9Qt{mkhnu0990#mlLkLJSXkP!i)R*3@#?~+V;3q1OYw@S)O&RO!|;c}_zHta)MYBMti6vC_mhF+B_o45PrKtmU` zsNWTII`wTyYmVSp-A-Gm9Jilvjm2jpi?*SYs%!p!Q#>5~Z(%*uOPx^1wh2Ng@QZG- z%3x~OP30`TfWD~(S%KWT7;Kg_6+W{=DTMEr; z4QX$>K9%s_#5U-jWS{*+4Ol{9$?TL^?I6k;TeUcJseQ_Ly~xMRWrgSbCGSbkuW)hz z*d>A^^%?@PDX`NxO0je8>7l8XPe5a?X6%>49*tivEB5F1rLpp@SlBh~-;0qGXmyuI zg?zYeuiMmt1%ikL&5azLwcz-Z8;Jxn>-bp8W-z#$Mn)rk4_nr`%AM!$OS45#dI0D0 z2A%LoQdSpqt|*G1-bI0GJWenEwJ4$7C}rJ?HGF%>517uep=v1F;=<<9GGsta`whP| z?+2pFcyJrXiQR0%0~%cw1B>e88>QD5j8B#cf#TM6#Y3ELVsFTfsWT(;-5bbwT7s6yni9F?B60do0(K%Mg7+4+jQnO-Xm7N04N}u zDkgys)1z$?vt4h(JT_JBfNY*~zrfgde3&!ZW6B!wRd1i%FMpU}xW82%%|KeH3Xq=e zPLA3`onL)gzuZbMz^Hpvp&3cHQh=FYI`JK~WoE~*S5Zv~bq=&Q8RQ~Pdv+XgeiDRw zNy!@UOIwD9cvIm)VXm_4Sl!fi<6Ge@zkJh;@SDA)8RlPm(yLAjSu_kkvRuag;{-rx zMp<&X--{55YtmAi(-oX$h_Cm&uvtHrHPIik+pFSXhvwx) z97g@F01Ow~q?Y`U(^+79^DiRB)6Otc~w_I0>Z z#VluP4k1QeXpG!tlahr6BYI#=%ick^uH%rc*H(_dXTJ@uVNNVedYB0-3Zuj5d_7ro z;Akv5;KY7C3)_7-0I!EVoI2D0=0v217g#6#|K&uCIr%}gfNu2b@6ZffHOg-oHAj-T zJT_aW_z!-X^bsksrPJIMA>ccj|Kp`UI_U*Sell<-Pph3WXTXC zF+t^P)O9(k6WI$-LUPQE?d_K0ZOj>*mN z%K`EFq0lCPWNR_5kncq}w}R_@S7mKYnQO2jP;4l;UPw)8pfz>{uQbC*#r}|s>@F>; z-hCgj1M=Y@z0hD$@w=gMgq8NDACn!uw;sS(t#;hH2)xfeH4h2EH}*gI5E=L@AJVXf zQyKODkq?pB^H8Z3(=#XiA!M7t;C&~Hh1kILZ#JZx6RT#nYny#TbuCuMQ_k#UBUnoK zP;N&?V=rkJbI=_`R#bv+1n06|J{WCbavCK9dJ)}oXUP*bgxsQxi`Dcfig5v<0{Z|i zH_z0&H0~w3n=@a(Kc$0C>wK^C{JtgokPmrX0cy>S1{z_U?J=1-NZA4ZeG_TIFHx5=k@*=d=QmM8|Y3C))wOm5jTBfAAAS6O1P{&c zUJULAHb-PJP5~v+)e~9=1uYTEje>@yxhq{1uYlc_X2leQ9OC z!0tf$brL3=h_rf+4ylQ5nAfk#-x+X3&Ls>K=Dse5=!qMpihFNvqAKhCQAy08(;l`UnhfDI0N}db z5dm3NJ$8Ne8xu+G50Ez2zYm~~omi}uB?7%Vuke!0 z7oiPD4FKc!6;)j*iJiohokzM1Edp0G{1@Go%|FOt=Ko|r9CZ6n_JgbG1aTm7tw;1e z(kLT~qkEs+$nImr8_TzqYd;-t&h&%OUXVF+Eh5!jJec2LXPmOZ$@%__k1*iR^xAVtR-f_VDf>?`zZ4MO+tHNg^Q_ z8GKu&EXjGZF&ZVcJLOhZH?k^pK~!EAmJjHe3wi_l%ibcSz?-8tNYb0t#88!2G0emHNZ+QMYX!b{>$hpD77 
zCnu?hW@*Z+0ry4JnMbyB-$J#UM7QgfX=!R|`*|cE9dkWlDmntg7E)pfDpbq|u1HQ^2Q~P5T&n*uDn*q%> zQ~QFNyTF%l+?SW>{GKOF&3tTV83DYgCDf-luB;UBt8&|IrFM#D3#YDLxQu+h>hoM6 z^^9HMPNvRt4#na_S27cp^?aVG%3q#W3$`r#(@(GEC!WvJL z*_+~VY$P8#jQc2XVYi~Zl9)`_Ye?RuD!c)roT=a}s$zNz>2vZ-zVeBCb3q#ON8iq~ z-)cN-Ri08h7A1nX3>kh27y2WTa2=N%eTsz(moibFmUoNtnq%SY540!BEkA0-VjkKW zP}xn^#J?njPQTd8V$F8|a4!eB8|CgKd=EPjE5}nzz3^QbRG4mePCk#W|m zn45qbZ(Am#di{dS-{dg^)ls;>JcJV&1le-#c4>In@+h0IJSvW+lc}~m)h+Y?ohev* zm9uF;#B6Kn#4EX$!`QUyWRfN6pdxjdZ0QI(UHg#v`kUkrtv#qyu3;kDGtLv+SDBRPa_cHr;|p@XH`4L znO8KA!}g57;(RtuA94Jh6Cowj2%dS&L*FwqhKmD)>K4Un)qCLzO2tD zN4>U3LtDzsMI+V{e^OR^k^HHBR z$i%(q@Ly5yro|S=85Ee6-Z_|);bV7NfXtUlw9f=Q1f|Zf-T6H$y_>vzp1f?g&8-Wi zcS{Gk=xhAdRVX#TC5i^B!o8sZzBlIB_}W1Y&knZyAdvd zBG1bgL0XD60Z#biWbI}4%Txl*vxic|wUpPi#?{Wlt!AXhP4}B2>$dxSJtp1Uc>!^FCP`{tzU%WZUfdigQmZyKOGBp(Uyfq);m@ zP}04-*iz^U6YT32v7k?o`6yHIm*8f4A;sk9a_5UO*tL?N-HW_Mc#EmEwvw{8F=$k& z@vWip%vmy$Zt1K09_q4TMVtJ1&T=FRaR!N55oGf%TWw|58C5dC`xRevpMJkt3SntN z-%jg0{!0B{>6hHk+QHCDc;goQ=5T&C+YtHodv-~bg3e1jBpI!&Eh$Be0GJS{$N+F- z1eqLl@+~ri!)R8$Njm>vMw1Av)A#9&jv=c?7+^+1zpaa!U&fKmMgO1&W0yAdd*$la z2`#;_^bjiel0giTV-$06Q1@HHj-!|*0kgV%w<|j7drNjHz?`}2^4dQ!Nckx)je!Jx zaKA3G5tN_KP3pcSiCx?Wc7}tscn?QF8g-2-O%YQxUtq-2-nwg8)AUZ{ri2To+laLV zTI+U4RY(#SdupZRe`xFbY()R&hpNQ8MB9-`m@SY>F?`sXcTK_CuuSv9T>VYcK5Y(} zox>6IIjx7cR!kmDz-bn(=4KiU#{HU~B}+xKY?h2c$K?rzl&N6*bOKvUuJ!eAdAX|7 zI?U|7%-EGkJR+Mz$mJU4Nu}-hv8uxhGKu7aKC?hC zyYa-y$$dYoBy{4A1G#fVHmSNzxztaGR#?@>bF9#J9>z`2Bdxuv`)kPDlag`e_MniP z9ls7-ds7$-(q7NkT0B>}uwA(iMKTRW-~y&shCsQ z?QbP{P5NGKXm!Td+kx&{<2#K5GzFoMzg?$=KM;9H)0}4cin42rnkQDMnv5EOsmr{l z(v;1+>;n~b-Z@Yn@vcj4zV3c6mU0ewU+^Tii$YbLx!~$1Hy?@jM)x%oA@X*7n2yg; z1=V0Y^R2bTHeXA|j1F;@e2}|EotbT`?Q|miEHtie-v@(fFZwl&@mkC8?vG zKaN=i8!{l2cq!o1eF3nYR^?}WM_+USp&YU>TaC56{8(ic(QI(M3c&cl$6KLWhg^fs(4A?& z!o>wNl2!_@k-d5GYatXkgb4vQ$F;M<`+%{);OzsVDwh>h$L-GOqrv(zO)Mt5F3!Y2 z_wBbN#Dx zMG?vNL%H&OICy3E2w~>g^3?$@H|-i2(* z5+G5Z{tPZLcCV(Xdku{-rd1{4Vs#}rz|%{e1hJ}{a|qjItQrpfWOXiHe{XiQZ>%x% 
zAQ%}h(eZ#JcJG$R;LZ;k*hd)%s@D97i!L=5{rjOy26STsSij zSr_+YbrH?VJU@}5V7dvhy7Nn*Q_`hGbfx&LN6e`(uIgVyQy8%$S@ec;u*P& z15|n)GP7SW^D1p9)G~i{*8S20Ed#sAS)1D=J0MTTYO#B*1zK+FF)X&ZXyc#y4ub}4 zZI}0WK%fOvvC;2S2&Z=LrCnK?11=#_YRG{Wx>l`8rUVe{K-LEIWdm88v)?}m%~bpG z$65(&<{yU3kN@;wYqPe)$^chMb;hB8*C+)Hy!mep-R=D2|Edc%p+27RXZ%S!_g`Ml z1_Z58K&5{C)6@U*3eF6+GElTJ%>i5`)R2y;z($KVp~{!h{<|0Tx9{nx|1vuGGe1=B z|KYH3|E*0+s4*2wDF!Nc2{61o5|1^v_ zxdh6tXM)_s#9Y{c8?==}KH`hT7=DQfZ`vV|ShuqmXPweZGYWxaPd+m)yuc5Jh5zHJ zgt9Q}R*w49>G$?8&m|oa_P3|^^g|*SWqb0cz_h>E_=o*dZ~pc;^3aJp@bCH0j0kgK z4964m;n_Jha&wrdAVZ^;S!>)cTtw+$SpcOm9J$G?yoM>*h$ZUgS~>@xS#ho#I@ryK zTXbB}jc~epj3hSYEc(^d0N-U@56SGQ(SKH6PfF-MAyd4LT^M@iYPpG2{Up%?Ele=i z+cUd})vfrcZmqr}vWRk6r8E(OFre&*M!VLofXtU{$?4V%>U}}zxw~y`(GCPhIGjd z*ILh7Q&IC6`w)@7L&az-ZEUM5ij+w(^--j9BwFR*(-({u-A}-U(e3t(L2{5)16Ivk zKiY?Zf9TAndgK>>g~xm$9t!eYhFkgFv~a{(3*3~+ zYhcMi$4KmQbTuoG)e<@AZ^%!0puJ)C_&IvhcYPCe=?}QkxDWLJ`jSBt2@=eqovU2! zY~kR9_$-P~0_bnTpF?y8I3J*w9E5#V%NazttliZ8?iW8Ivlr}(b!%5|JuGNDMOFvK zbNC0wQNlnG^zc5dIzik;eyQsiamC*VX8RJ-x(DRT)Ax8&rA}tTHDG0!t;5qXD$d#+ zG7Z^J{FL=?GD0YPOV?r-^b13*NtG4CBo;0uQ0+Jz3@C#m71sZydrx>QO%I&OdfQ9&!sghDHF`6Um5!=6kz8IWv5a zLz;2#j2La6U#LKAY5TkZ2PPMr5Q|=WyJ#?xTh6nJF=+cw@Ls#C!!wBmI>Z8l(LjvR zYA{h5-8L__%Y*@(3y$Q#4sG$ju!rT95ALu=zDvN!?F~tmZudiB+z@<(isMlj(^(&M zwa}Sa-yx)l9JZ(>w};El8|%|tj~40+D_@eoMLjDoJ~@penQPJwaNg}r_1Ca?Y*Nc8 zHni^?>V>;5xes{28O+Qv|0(13RO~uecs-5OGuKLSF3)yH^b!uXC-bkx5JZdEeP)LH zGJ5h?3s(UCu5|9?)f%1~Jk%*Ep6dtNxQrVGc(Hy3$);}9@8MPu`2!@=A`;X>CfcXz zD{umEbHA#yhNwYj@G^fa_W_Y;;w@J4c&~x+0ltC@1h$149{{%SK=tg1KtTQoUnE*j zhQN-0nRvtdCMBEk9iJ{BP5E9rI$ADZ|2+C*b4N?^5JxrnU?w?=aH<5v$QQR%3Dy2{ zz*Nl@GW?KcCO^oJ&b2RMsc@$Lz~$Okn5>?M4wJ;01Z4$-pLWdvQ3D|@-fRlX|yUDBHh zUr}Iu;;HhdkVSiE!TMLkE|eBcPm(Wz@&%qp4^wsX9qY%pe!Xq8nx>w7EuV4i3A`gS z1(AYZ(F_{7U_|{+7j?Bf0YsK`RQ(l`TYU2NrJxo0WqJnYBW7{Y9k37UurVVuB4d_5 z%lxDD8swRV*&Dt=yMiHaQ#|L0W`W=Q?6w%Ya(Rt3NRh;{N!)iQUznqtNFb*btq>h#FuzM()L1(!cw&`@dP)G-SCxVf4b^{FB1vT`~0$S^OIi1{IjZWi!e-ocvI 
zQ!x(eXjBpz1POiqsMY}_8^j!o0?PGpK^RQXg*U&;yXZag>DaLOviRt~#T^G+kLFOW zYrbh}dYXtFBkz5jlg?|mH@xPJ_Tw!^CHIs$U(_WQchiWSA%1ALr4Mtw*vJVW@S;jZ zGT{$DOu1;&%7*i46FhW zN%TCz<;`Z{3J;ST`ONTYSi!cn=!-h7_4io92=%y4S4BzO+r&-NWmbk&fJMU%3d&Mj z%pejV=*-WB^cwMEGoJ7~S`hQu)6bwpBb7@{-;E;L`yX@DC+#k{3B?nRd#I_reQm_!prP+Oae&y%HRM^@$lhWR5CruJ3IEa0f1W! z=g7td498nOs;f`BaTUzsh$iFJy17j|wnLzvAv`~ClZ(kN8#n>+w_V;PRO=#7GiCAl zWcif%wgPxYt_O7sB#DHU1q7$(sa($PESGu&%4XaSY^db`ps4G=p#UyX(pi5=L{;KV zy_>A_R~v6NP<=iGeW~Q`r|X4SE`M|NMWQg0;4gS!#K>stPIQ4v%m}tu5}R0($gk8f}n|-%Q&Ip zYDNHtKzYBvKou2M3t>5e9I=DdDAp-193yhKt~ZJjh=R!)&JS`%#$b!kQI2CchNpX9 z@AWxdS9R6+i%nnh2YYWy0mvqh2-Y}_kozzUqqABUA|AN4Q zgrCT|yyFXh?z#o{A8pux@iI%hsGY`jQpEUT!0{Z*sfJ=G!Y^bUUI>LQX*|ITmUf`n zU(F~=3q}?TSU_GCB93->z#v*&#)ADY8gjrNNc@=IapXnJF}O#6w_tIU%>a;2f#d}? zBL!#Iqhx5*Me{C937_5;NU^qtYkh(oGs zmObRY%9IEN_BCEL_?-bt2bH(KWXimlwlkI|s{YW#gu|eSm6@=hV`aP`v>fYnr3Z@> znig7LF8BjtE{61)gq@}LFT30D>+Vh zY|&dNSn_fWj!(6YI$V8k7HNRawJC^x>@46~m@UJ+A1 z1LPb6H;zH(_6HmTHq>dlJs{GFPp5U|Ksm1we(0L319Ct*wki&DQYugzR$$pPwH>*o zB%A2-1ly&M!tb$adkP^~1IAId7V{>M<}00qpw2!8(SJp#WsQ}ZZ-5F=96MqLw3As@Sa>oVqG3xK{G3&$p)5)H3nAcb zmC4{VL}C)}MCgE!;!bIE+HYgZ;e&i>_ewGy(cV@8w^)ZMFhB>@ErLZMtm9yFLi}Z| zb>U&XE+J~CPK6_<(QVZf9#d((uxLeT4Yf1#NDQvt^PT|m;EB*Vt_1?A$rXonLV(}N z<=N@)cf*q6Kr14K&DJW|jM;?FN?lSbibIOdStiUvqc++sn{gov=+yb$93B}}CRfx7 zqLHBodtXi?7v19X)@76`DAy!E&G3jAH%qfx?3ZSy?-MoCH=@2|uW9sDIU!4F&xCcb z@*GqPVspe`nd7v@R)Afd6nn;<$o z4D@@`EQU=&~;J4&Sf0gPB@j29Gj~7>8hv&JiAo zfhhEWs^_M-yFiAXs;ss(2!{w(12@};BA`q)5hwzFL{d4PDFuaX z3U+{&hl59H$QqP4!3vMW6beD66S#RLN1M1nWNLGu*p=Q|-f6QtXe%wa-%YHftd$T*W-=A0gdxXq^rB8U7F zig5igMi=X7CvY35YGr80hD(H5ciYg*P%>YTi`|}&D-_L>T1eaF&>ZPfS&A$@RUpwN z=BzQ@w~={3cec5S_-Mp?9e4osHPQp949H*mgV2BoP7b{{bl_?M? 
z901pAj4lx&K1d7U)H^1=U$Vfk+3a@=Q#t{tsvN@$3z1w_lGcogSuB`*kcTGR#c_3nN5#tDpz#)B(D-FG64jL4)W4xBF|_E zL-9*j1-9mDnPhYn9m2LHW;Rvr=Id@w4O4{MPlXme<{eLYJj`yl>wVB5)DnUBS~B-I z7jjns561m=HU~EG+T&Fgj$KTywhoRQ_g=7(WgP8PFM@Lo0KqDZB36KHu*zBaNNo0q zJa>Fc1=MJSXX@G&Tfhyb;F7Co&kfg9%aaxyU=Zib)-FA4g@xNwO~4sg6To`qcHGnu zTLp&`%La~a=-@|gH_n9~!HWgumH4ruS2J;e(!D*?Wn@|>YF>oWLUwY}i*sCCoy2fV z{hF}SNCg9bBZWbgB^EH}j|XIdFtjC43or!8ojkHl0qDj&9>VS*ugoc!SV&kS2w@;7 z-c?&$#^=mFO2rkl4-}FM{3*QmsJ-onl_AcSY_uKcMg`8WD9(s@s*=aH12!qw)hs-3 zssZdO$c~l7GF4~4J<=MBSlhbAde-GtdPI-T_5fD{%5BP1HTRW@L{|}S9yM0yG!Sl( zQQzvE&Mljf9^(OEcE*ASW@DZN2XV7!2n&K5%viM|Lcn`MRACb+6e@zG&>(hkjA}I2 zola>q?-roxDJzhWW&ti*wIfqLmKp?Q-m#5$-F`I#QF(+YwPb@VA3GJrGek8# zwM6x4u~w&RLX5VDEXik}Cvx#oiwM2-(xY_{7jqZ_)ut*5ZYMa|obXW$iPI{u$7D;H z>P+BQtF2fHb!2PvsneYLf$z`;C2M`!(}i2R>taAmh(2)JtTFP47A+Y&A}uX6c(EeG z=CqCcgHjXzbWjq-T1Lcxp~RfS!DwVcB{|lBA84vi;>q5}>W)(EYCU%7x?hx?G8}hJ zxv{0FVWuYrmhh-2+l^PDkUmc(wNCJDvp{7y0y`MvKuFQnG`*S*`?=GKX=1H5>+rPe zl?5Ljl^%tbrn9d#RIu@5=<4_q*N?UqXj$y4InK=u%qNt}*Z|eO^~!Q!0W0;k%0W-K z1;C*0hMhy0wOxC`YGYB>-m5Zvi4#l5qxVs`S|klkH2ZWnQ$k!~p&hqB$o(poP+Hv3 za}^UiJzRwIBi%_STwsJHN!_1WnvNPJqcc65(elPu%f*Q_XK``lHfb>fg%e^{qd*)e zAM3N()Ci!%ZpEjIzLf`=F4x6sC^z#;)f=vA!x8{X)=+0iZ?5g%jamHE+?arFUW0@}00sMq|cL&G}NH3dwMkP)NEoI8t=ple})95M!|^JbGB_ z210`Hr~-It_8VPY^l-itq8xIWov?ygVAu0OA}s+^BqUnu8x6$);psv&D%+uPyFhd?PV%VE8G;fINY*j2JPXt+U;Bu6)kYzMm z!O&6h6QeYCvakafd@iXrlP*PE3wbeRx6U%!bfS#SEX7)D2Y#(D+yj9QivzfH5pooX zxq%zN-sx=0_8feTp2u-zmpl3)PNEiGR!6b%Y&L;4B@QBURqJ*RW7Z(HD+BI*Swjs) zIWDndZ0u<0u-NaFYjbWR(B>qz!K{T(>H=ljWq@kx2FD!U@lGtStcc4w zB-!@17}zr)xWlDZrEpYq7Fw~fn`ohJq9Cvi+{kifn{IZL0}@ix3Q$qN6tpPNMomSu zwNLw{O-W`V=(Gw=m;F}LqZ;LBMCq?|&glykVfGj`s-N07!F9i}wAgg8pKN>zduTxe!R zv#Y4x-rTe}m&se6c1&32mr)5YYD7-KwSXj!1Q*QypoGWNT(}-Yd9{mDJA4~s(qM-f zJi`#l&9I$Y6nH4&QazT9Ly`M<3%AV1khLyW>%N?V4qmk~ys`wR^x55XtYR2dD|eTO zL*?mPg=~Rxv~0Cbd1(PHI*~C=%2^uPC<$9&4FG@$=zgv;Sravkok;a^gjm#`W)Vw) zi@s%VXlH_u}D20YL9TS8*0_?OALyz2R$AdhK zJAR2z*{zlD5-4OOB^Bmb)}krYDu*oGDbnO4-}ylHfp1?dq-7$I3` 
z(K1@o@(`ZHg`jb*(=(*SbX6mHaWNS4!?s7%8nP6|Eu)OW4{jo_mP1tg0Rf*z-xRBw z*Idkjv;4$r8))8l-na7&jS&mTc$XF6Q+@J$n>+1cUcgC^AWWVxQq zfthUr$cdxlsm*k`=Od#r@IE=DowW!C6*++{zFQMjIB#7DEEK~hS}*Pp#NQ09K^ihx zD6_5w>jAWzxf_Zo5t~eOR5>UVNuGB`bUTXc%Lh#oni}$fbnCtaGlM#Az(Qiz8Mq$? zo8tU%Q4%pP=Ub!>Jdxh8_yCGNS&dG&C@I^eGuFo zcfQITvz{+$#~E;mPv?HiQr%@eDy z_5#ii#y~ofwhHwho>h|M^%u@6Wi`fm)N08@5jUr?xN)|!DXNQfAvW`*9|0x+xg~bs zVRN;D=W9sHS9r6OoEfX@;#yt{q_oVTH6+ny<XoWdLc1eY z9}8;+~`2Mlt*q{Q*3%l%3ZD58Pw5upmK!b%UTRD zg{ogrFDrx;1ULt~8yE zC1rN<>&iIJN4F`>Y#Gr`)8@DvFj=`>>AOL!GPo$Z$~qQF=`Uz>WzUh#2?FvG(x*0= zB}2)0F+$>z>dOY&*ZaP1Z zBIi-dc@$Vn-5HB9+{r}M#G_-dPT`0mAo)9nqsf(!Vzs{YF`PM|MaLn2)UD zs8b%UJaev&bA5#3EHe^E9iR|8ta-=_QO=es>1=pD>Cs{$T9^fZzjN84nlL`1o8F>gan6L z)PN+#3s4tz7O^OCm3ee-Gr)QpFo#wk(yEJ3kU!`eKb0~o_fASOmFSqM!6P9pgPPFE zIc+QN#q;h*lLjX9IXi z;jFjw}BjEncI4@d+CwEm zq+UABMIzj`tR>85po0c6FRX?0|2uTmEEY@jIJ5@lv%2hANXO4~RM*ltjv4tWpR`y| zh-#xdjl-9rywFv&DwnC4Ci!V7<`6BMW~OGShPu&snUR^z%%lL46~$_?EXDG$kMg?W zXETroLv@>2(E(l7(?!QR{Q(s_(V?B;fZ8<)vu>PM#=xIY_L`O$Q67n%7_g2>Yo1Bc zkcD=acU8&MoAU7ZKU*hxBs5~Tc88h952w(@na$}Gc{GITkgY=+N@*^u2#Js%#&u=R zP+3&`*g>p3M)n~tV+;47paN)tr0j(#HU-k&5&hh%1g@|Eu@O$)@><4siox- zmoj|{b<>lfxYHfsbB9ikkR6#>ILn0xdFOk|oPIiqa)xTE-Ea|Hvi0C?CD_*T-R{$H1jfUyEp3g-Jnl0Jb#3^oRdmDEH zlA4f=kd@-^j$+Z%SSjvpkxCg4o9^y*-kP zK~^M!K_EltRb8NG0Tvx+bXzQ7bF7l8aOGA;!U*et?YaintinhTjY#A!G9o(m#bdKx zaX}T$5xyA@xH^?7qEjl^cQSHAFiVy2XD&c)Te{w~0Fw^5>h)*?Vv!4H~))=4lnJFoW-sTOgRqu4oY{$n3QV0gNMZMwgc-3+w|h9&Eq>2=s)my=bHtXgdW=F_hBxqhZZ9?_k;aEp5G_^Q zSk__jCDz)*vaI(}-pTlEubr$$WE~!Dqde-8wZl4V)Km?Z+6o-+-|HwH?XZD^zCLK@bEBTdfJ%yVGVGRk3sToC9RsYiJGAs*T?nD(qPrH zfwW1RnVc>2JqqmSE_4Jpfwk5k977XTfK#9yxIFDhhUy7$nRcgPjUs^``7_t^;r=9G zAdYo0Y{a8y?Uy2E>1qoVqZI-i8lBiprr_qLQL{ry(Eu~w^5c3VBMi&Sei(L2VOv>^ zYqqg=4c&y9DK^dfzAJ(4)CLNr1w=rGBrHgo0A`4Knn5!L)JOt!JaB8OLMEFB);Wwm z9tH=`Tx3|+RC6ZSj>PD>*ep02+hpBt#EpH*Bzss-k(!kPq?Jyji?1lS7}EkpdG=U} zRf>1V+Uvu3O%;>^DILhSCrrsVNur|VYwVQ`aWtD^S(Pc=Xhv=R}_jbHpl7c=x zn1T}$n`Y0OAkR}6r>@+EmRPi<5V&bZQ4}Y0PJ~TPauQ*2V0LjLrrYJ9YJ_Vp)t#zp 
zbj-vIGh=7MY&O$(i%8Yfn2s4nfUjxl;*xI_9}lyIYU&g_WB5aVJeQfz79>NfvB0vd zuyB@5xY$MNrCo+)*_F3=XhRd}g=!kL3NBRDG#86#r{o$llNaTyK4^5HFRW|*5AADi z%yLN)Mae?R)%{dLMvd2Mf4A3oB9o8vT{3eS&)UcP#GKhW>=(1dAYq%W+9?!u^RjGJ ziCwJ;YrY!O+SR-bwNd>YVv_w;^(fRR`rs>rdo|YS3)8kFdFL{x-W@f&jV|1e* zjp?8svLtydcK}VX1TWYXQY076P!IKxoYAR~|S6FDy8vRzou#~G6gBsu- zIp+4tJXzAh!9{uouU3ZFqy$>Il-b)QB=AAF3`E`R*_P(^LUlmbxG|R%GS6|)wAYz+ z)QhPM9+*(jc9=KU!FH9|M!p7jZoip|%4$Qmq^D60EoGR^rF>0iElO;Sb%F7FSHY%* zxbBB3bZWrW0E+>{CR5F46`=!D5*_Td4fsCEhDW+%Ll%%IMC0@&e+>9;pY=Vo*Ys}3 z3@2eqX^k0)dH+2{eFSNyHIX83>j&v(^C&8oj{(o7@Zf>9Xf4Wpk7H+ z2(B7$Wptg=drH4?+moxdvadUoUTp+nVL3U{g?UmV#3|eQ$a>KmQwS&GB?N_jD3FYj zgNSAm`Em#qTcP80RN$p2**N3W`U!R`o~anyBaMSYAxJi3_sUcs6vakrLjpu1mMmAC zw}91-z|mMIl+G@;rRZto8kg-A>{%vDNTpKCzN_`?TyCXgf7)RLUf^kBu!h+0m}Xh9YV31{)O zZz@*lsD05ML}IHSS5B?~Sw6+et<$dkEe2S2c%*t~H4>m_K|UlO3Ib9WyK z*!Z!t(j=qEH8Dp{_0$M~Oqg3^4HIh*z?1+9PQ`eTHVUZI9^QDS4Fq~hY@M-5BpTT) zgDs#_YfSQO3Zl|gQAfU<_JN~zIl*uDgcKYJZ`yAetqI#@3Ik&=E7H#I+m$ayu*MBE z-y1-B@K`vAZIz`9KVPccrYKc8}B*c;?@&FwJ&Nl8+fXQ!aA z@f4?k`sg0|vEA5n84?at5fY&lgz#Xf)H%9VmI4us5HckrCe@w9s?8n@reYz8Osd9O za;jpd=AGGW?+_;x&ksZc&-W*9K85|BYt6b(0UH1cA83RyMTroYk0dZ9$|)W8;)t7m z#L0}z8$iXUEQgkR(BA-S8wgL#CY+}L&>^)#F6CoQAuYqDB@ltzaK$k&2^1Aht;5Vt zy_!fzZ|)-KG~CM8l;Z8aNs4J;w(YVDm7)jG5OJv!KyF;W$54F@PzpCEieQfda~ll% z&D@$R*kSIjQjS4WaAfg5i~JI6cTQc^LvuV>1Vsiw$Q2DnDnNhAQ7O!Kv|?#%k%c8g ztLqLfMdRcEJ^|Nsh{OPkuTTtd8Gw{*avU@VIr>;?qdRm8lDJ@6a?_5E9r*}Q>n9gb zruae8(7+9S>Ck|T3aiH+9rt!qM-a+T7PpFlHL*HUp;dzcB_NPlPixjOs{MR@I^b&w zi(QpPawI$C$=*-}q~O5KbX(?JY$yDDdT0)G+fXBlnIUEaYOR!giO506gM$PU@4O zY5aT&1L3BqE3}s&S=s ze!IyNr>||shw3oPlo`IV{d^~dsp;-$2kpZX?tliTNjoDyb)JC&V<=~s7NP!5Gl@r)1l@WF<<7)2wL_w+-?cq>e~G_S>!y@926OJ)&}WjewZQ==^%rk z_rj5Zg*8T3FmH^J6DJDkNxi+0^(C%uA{?EIl?IeDfNOnh71@d1?CYl7k+h!B!c;GT zSmxy#M|PwU_R2isrs49SK177#x*C zXTzm73U`NePeL)emXEXjdhOubWk=vpUw* z0HJh2*#a~8n4eS~;*P-%Dg$N)HNcK3&@Nsn8Gf8PnH~G-X)U#>TZYqJ)9z^@r`USA zZQJAkEvJ;U(Ji|icA6A6Dn|AxD%v0ypXNKdJ>}q*YnRr)XqhXl@CieU#+!5awJa$ 
zILWRS{k{NC`F_}L;7W9mkoPfSYZYJ`+NPiIq;i^XqeXqpPKV6(F$g>nTU^3=tWH76 z+`ul}XetCKyQ5JLgq_LD91e_3nd?Dmerkxg0cSp<v1se>$VnqbldbrLj_GMwa2TGrq4 zq$ul2TTZ;JYucc`bE;(Gl|@@SUOVZ7x=G67zM?h`-n^RR&N%U6r-*`y8?-|Z6q9S6 zWqobpA!qZ`#O>P2|1Qe*f8SU5P@r;JFMiDT?fUjUPgnU)8%)|bX(nNk1(UMK#>o%| z#l)Eu!EoQmxwT8P5B*9W$LwEfa;ju=ef9letX`XayZ`sw@orBx-;xsOAt$S12e}m5 zCx!ogBHd5vCF#CW{W6c=FG-Wh-L)6rC(wPu6XG%9VdlP1ddLl02l`=I{5O=v zenVOGHf6`Msg%=0)UE9@d z7BqKGQb$g8R|iem)n3p5ZID-)(*_N2|H{kn&UBq2-$p0TzS0H=f*_8fm%ktgzWj@W z5QY+efKZ&k2?9e2;1KeM3HZ++{vZC(HLX+s0sPHvy&l}}O_ge%=}MMI+tay&02JCBd-`imN5`Xp=k}DBCq{nQQml%mramB<+Kd_IliJ6wGDt zLEYZvPT@pBeXc$!(!gu)Jm)T~%lu_WfuwTsyC$gnq=@d$C0{DbGRuPcE((gvWVl_D z`PWMO$5jHqLC81oAH5JC8E){IF0TLmFfa0$7y1A0|3QCP2z@MseU|rPKD@R;u7r?O zj_+S|dGqZ&z2EMIZ&F^eHC5m}OpsR=4-@&=Sku-{8${#xi50kUS?(X-4AGe`5hKX(t@|Mc_uL`QYmRoA}0n%(=}J)^+$WR}mZ`HQXi zlG?7Uw@~Qo!ab&ENz;li->s77X)smR)lT+e$)DCSF6&l)*_pd@&X>PlwRktlk(YTc zzu(XGrpn@P&syf&L=Wn7RcG?=GXI|0+esaGWmF`m z$NHN|TV5Kzn5ykN^ z|F1_Q``_O5_ewoy%bny%{`CNN{u$GS;u2+Hg zg2()zN$N8Pv`!nG`Q|a}w>MRO%Q!$Zq|JG9ous&SWT8x6D}xtpJMEeE zzEA%A=l}Q5fBy4d!8_`2fB!3VNB!;kFLe3yAMnqAhyM!Rq4%jU_E+!@``cgs@3+7F z2lDeTE%lfG=P!Rhw{}i-?n3&G|J#2+KcPQ=|I2?6KM_B_PX7CQ8KIwupTB?b2LJi{ z7wf=&{_~rx=XCg^0_Xe8Zp)iuV0Jd|_(NPnZOme=$wI){lQ%gx7{ITA(c_&ZJ5LFLow~uFZGU3a55*(ep%7ULJN%)*j z?ia)hF1FKoY94Ey3`rX&@0ll$vvGFr@26n6483*s!KAz&dKXNxWFLH={OK&>pLO>? z&PL$RfBK~6KM!$G2a`XYGydt?$wvx5r#;ZqQ)k=QX(w%+L{U&b8qn`O7u9@Lc7K_a z^?5dm@>w;P%FioW1zr*+f&ZrSe}(_{Y0qEI-y|vg;5dONNpYR0s`UTzZDL%gW-MCg zcy7&$%O?12rY~DKZ8?dZKA1FR9!!QH%kHk4(4P#>c%G4m#XQrZGpU@q{UJ3!*qFwe zTYtay@JwvcWjp9>gM`W1UOXF$_Zv!QN`2QvdU%@dUIdj7+gz8i2a~Wn+Z*5BS`?2< z^JCtB-|%~Q-Z21Q3!eW{)9Dus^x`LdaiH=uj`(z-FT-zs={4tJdO_7TK-mX%p9BLi zl=VI-qPsKs-d*XV0WKi`;D25I{N{08BOSkBaF+uA86!Nm(*VC|fDfL;FVmI(re6h) z_qzO@voxZDaL;~$)6{YXy1SNe+A>ePcS`t0bMKFS!EWSa{lR&? 
zkC3KDX9)nL#@yu=d$bh+dPB+i#E$jS{ zx173m#&_OFP8$r)_ysNzt~noABzpK+-5mWJx&C7u{i-apFHoXVme~UtE|kl!tIy>$ zlPD;H`s&)(Wq$MRZ@&G_x4-%JH{br|+uwZqn{R*f?f)D2_EjB($?+?8;w9sQrI}p`E%|ZClE}&Z@A{pG0D69`#Hxaqr9)|O^!M^bZ4vPZKv-( z^q%gn`(E#)pUvd2?OouL+|CU7foHkgx>4l@8x;f z*b{!xdoS&E1<%vp2O2&v@-F~0WM4`6-xJ923a0o7Vt8GH8@}*{FTCLke~0+O3v+)3 zU3kg(OR6{s-d}#E=F$3nNVwPpuMFU_{>Y7*Je;1m8OS#S`DP&B4CI@E zd^3=52J+27z8T2Bdjokg3F^A6rJ!k?=mXArF;TN;*H^=TL<6iw}?pm(_k+!ViE5)yrSc+qq&4s@K2Y z$?~G5CuBkOUfQeT&ywHAAUrGZPlO<_*U5inN<7@$IB|olETSJ>aCDV24|j?F-z#7K z--`ipzqV&Wcvi`kyzkq7mj15(_?4guseJOUp-;-l=*=quZMH4(zPugcPU@)Vt&9z_sZzvTfUnm zPl{DgL}yzc`ZZ&_SlC|#9=^KI@If0rDTkn$y!7#&KVMf$XRn5HTIWeQy=eDrLY*hF z4hsLGv?odRVF>a;ZA}*Kc|8`&-NRO_6BT9CCf#C{t}JrhRF9u(I=7TGlcboqWmkM!@r_|_4D&u8{D56PHG$t@hF@n0--z@^ zq`!ekKRbB-4vqfe<^EoU!NZyP=7wokB+H7JWcD=?U%=?pL0J9Gfe8Hea46H z>ZTiW-k9?r&74i=7Qrtd+DrCFBd9GOOrYRh1L#xMd}bUqmpHiRG*^%J${N?O{ynxX zO8TJqX_B;`1M1G*t&{%#eA}h6=Dy3-Bq_Z5f))+@i91f9$)EonqTp{3PJRQwLI3_~ zwP%OuS#A)3(SQGJ^8ZU15_l>B-@ilt3f{qgyRqtjHLE@@4ftX)p@;v^>q-9Yw{!Fl z(NdrLS5+O*Sypfu3V+--5^gN?FR+pD+Q589<1gceRUJ6jcUK4g?f19d zw)-Ko{WrUD=_zXci*|v(c8KV*5B#+=M89S$_;R%1BQbRoXg7iOdlqOPO0(Rl&Lnt` z$G)I~ekju}r+&uE>6u?6^D?Jt%`3L$3xaR;lzWo+LD42*5;WJZ%-^3DyNHCrX|B=R z2YK*5BZXz1JM9&bcGo8P4U|3kr+~8WfBY^`*`ENRuZ8c+G~ZrU{pL&Xm!kjT0O{+( z{9X{!UzqRT44J;7Utc3@pODip-oFc=en}-yEB!8xI!9h!*XF%y_*vRpp!D0z+Flob z!b89J{=fWYwzmN0e-g_0RqyiWt)Fc%EpYtt{cc?4?YH_>j%&lO%Y6lZEtSm$vl|rc z^+eF8?S@X0b#}~e@$$R_a-OfBf)Sru_--b|^Uen(@K=qemh||s_`sO+VU(?{GiIpG4L<6 z^}(Dt#pLYzUUY?b?#AT775p|?gp($?RCac>f10qgA|aC@$+9zDPm0q2=;Z&^*g2Ox zSMX5df}51r+c%!hlV56Sp0^b`Srh#95#c;lby@EVIb5okxZ|X3|cgFM{$ zb2T#E;2|0qOuE7k>TEpQOHVCc@6GuUZZo{X6Yk~Dz9@&{r*oafq-!4Rugh>A8#^z@ zSmeYhr*FNY}a=j1B@j{LKWEUwSXVDTjGa;KP_9pH0kA1at6 zg@0D{=h^Us)=9Ev;<#n^zRq~;;(6X4*Zh9zt`{Gj%~3a)1bNktpUudZMp<9{m&;$SkQrwZbx!RRZ4meuAMy2!Ud{1O>;1>fcoXzNowQ%amg@Hf9yC;QRo+#W zcu70)GN)S04E3B9_Z=Vq7ezOV@syn8igf{^mYjGJTm<$Li9P zCyD-?<1Y8kote1&c7H41H?PcrCyxAlJ)B~ke0!|<+qq-+@q~#}2b0HJm(I&xmre7i 
zfIsKlEZGMWx_6T7EJ1&oxZRm4J?Ct8I<=d$wNsDJ43!5UXV(N__x1|T=g*&;AeekR zn~V<;!>4Nga#2|m$4#;`J+|e<54^Gnv&8!$EH25<_P_Jlb&_AavgwJJW$ z`l(%Tcj?XtFMlJ<={^ek^-G}m7X==4WzamL9_!#5;t8GB$<89s&ED*(JUsPz)x0Eo zFgz}X+%*Vx@m}sF$mNR3$6oZW?wk5mXUktipT9ordvW}qH|nM8%(O8KF?d=f17Cc66)-6zulgA{#@)U{YrCZMR+dp6smvl%bs?$Cr)@t zxZl6}hx*z#c)@>Dc)@vU9zOnd0~kC#|GfYPoYOiVeJAc!j!!@aPqgy1-XFjW{FgX` z$CB@-zQr2&Z@~s{>v#<}c%9?F9B}Y<+W+YnoBgAAjUR{b>AvxK6t_*|+otht)A;wg zY5d6NU)?r-EbvP=NFFY${DS#!Jltz}FMFO^eth%x({Ud=VzS;BJic!NuMR%2GJkC8{sP(iU@vq< za_EA4lj;9w?@hbo$c+Wj`}zI~4DXyH>0DM(Tgx`z^qj+{s5VDSb4bd5b8J6fR3@ql z!%QFzAd4!y`@g?~z>-Vlf~+bok`f=f#Y(J!Kp-|mAY70+lSa`oS#2yj0v(;6b5AT9 zbT?GCm~L6{F~8U~6=9joL_1ajKuL3H#7lt84y)PwS+P;!199$CQM(Q8%2h_p8!@jH z^9H;vsJtTB$NK`o8@#&EDEW_)|0wy7lK&|AkCOi=`HzzSDEWVFlE33AFCBgic)04@ z)Gpc*d+E5&k0xx~b=#u_Q+zj5bnX+drdUNw5+l68n$Gy6hZh_JA8&lk?>2^nTry#^61;FhuOI-CWpIs@ zDABEEBzv;|8t^2|&pO6nL}M_by2qb8^P}fqrF?sye;YSllLw%y)BvAAV87!D=#i$_ z_%@F~RsFNnxb;JWi=f*4si~(XU%^_XJMlbX97q8@jF1yp-N5KSf9j(xKThacaHA6-zxYn;fV$FLY0~k+Aif zf;0Lvu%Vr`HqBtr$gLV@)G)ISOV2M*)|igFw)l{+@w(iQ&V&OS6MRqBK6*4Hv%=DA zXKZ>OtHF00)zdqIq{*5;fOJC>EnMzxah(Q$rq$US3073H2w14^YhK;@`i6P6(JVVJ zmsSkTiHh1XJC)|Sv_bh>cI?h}q%W2|GE#v(IGvSlNV5XQf2W;EDNJ(xF6z;zbVa=} z?~%2kpERjN>ZKY5zS^pr1h%J>(`7~sQuypZ=3*=LzC9&uyosuFZ@rf~5z1jQf~e({ zzQELNwRRxL6+zC)7b;a-qA<546EnTI6Cihs#oR8U8cg;5bcfOXVwJQYsP>eXK6dW4 zDIqjqydIDj83wKI7wi9FR;6qzm6DGH95T>N^e*gHb0bmtUYYL96}B2a$kcMGXuYEk1TRLKo#H zEC>j~kapGD?*52He2WD^Z*5*UhXBQ1^ z%QM@*$ts(z3zURMM)BKX6#Fnh&ux@KZ26`M*C>TF&vTSQ z?n??WAPMEpu1xK{a%Of0duGPWO!pynjE)#VBm>UtpymAuPPo&2Di<})Y|EbRkNq$v zu(rECi#?reA4hUO@4M{yyFc+tD7y)zHy?Ce|IX9A#dqt`=%NV_xTMB(Zo=^N?2>z) z*G_K24)ct&xaYK27V?v>U+e_-q*H$|AnEL^mk4f*Si%4eMHr`e;fgRU0Y>g68uqPn zPrXnoh%ER%bmKwGvVL+c>vs^q(1hp1qThKIW^5wYK{t9veJezv8(~T?=`2_8x~q$# zXZw-Iz4R6}floK|7BT&AJ~zmq?-&iYnGLFs1M7!_d=Tbq)cb!^s{V-O@`5Kc>SdD923txJP1B7kM_?vXs?ZY4CCZ>f z!#&M|ppH<+g+da#ghy4Zyl)Uz!9oH~Prp0;5EM-CnuwR-RbTz*>jC}#=c|2hURTJx zqEs!pUVtrv=oN1to(|e7hEvKG&-T5l6i3$DJa}~e7S_uXjekD^R+euH1*Y%L$vngvc(pM 
z2+h^W1--MZHW{?pK>~KUY`mo0nsjx%L>z=+EwB7)ulUZH5?p46^$6}ewr~9c9_|eS z_yDXiRkwn2ld7&v%@=gl8MM4wa1j*hZq_;o7gLpou@KI+@rUQn2eTa4pFOW}{doh? z0=i4_7nzR4(Kj55Y3W7zTy z%NVxy&_zAD))zy=B|*wecL>XaN(o4eMeG>O1dSKu5XCEbh?cj1Uy<1%TCOu9R)>hM zWEfwjaCV4RnjYtph(olZ^Fx#^J2KrAWq{=i<{DHrUWJ_RiCuA6RRBs*RUSCH!eJIU z581HVv@6Y7Q7>Een{Wrwgm58xpR(};rg*;s^eVw!u`bbu6OpdpBsl92_aQXHI2Ff= zl^eMi2S!5@U44|5gJosSpPs)R%t`$Tnz@w$ z+k5_Y$YNeU|HGR*S&U}Gw_1*F*z{`27_wO4^H1bnENPI~JWeyBk4sOi&+>X7wHRnH zCaBtnez|9_5@SGT_T@rwm<3xMJ;rwjG+VtMARV7ytX?+>$MCz<972R}lJKY}p99)e zQicJmW@Wt;HwU{#4Pu6S7rqJ9NF$}~kcFdIQ2bwx>Xx(hin z^zE-Joo|56`(Kx*&t+Q+<`8B?A1M#Jc#6*Fl`$AskVuTqDT%{GbmSiIxn}0&Y?@2R zyk>d5hzp`eGAjsE^y=~s{J__UtEI{MCE`hjg<6}leps2kBif`E|1iru@bRfarCcBS`e@*`d45J9i^1#wX^P%auM)D2A?UoG1xDn0Y*f+d{4 zMNjqO_O5XBk?KN1M6^x!Vxx~uaTW0pivp^=rB@u~l9*?k%G{&_q{%^WNVegu%UpGZ zldkL?&a#9Cy`C8~W5IJ3b_rG!y+gBBR>|}l(CL8Zfo-f3Or?=q3RM^B4gy&vQ-&*D zZN%?z1zl4pa&LFgAg-$92Po9+RDxSm@nlen2XNn|ZMLT0+)=TXruxW1O@v6GRe!Am}BJOiv=$!xCPgf07*S`*)J{rc3 zv`olzv8&g5V$K@?t#Cr);Wkm^6X2g;tlorX6RVd;O(9I#@Wa75>nw z@V`8t`~gqqCzE%7``3%Z*S{S<``7OdfA?Gc=U96P ze}CE5;B`xbS8WYmwKQm*(#w_xKm7LVM*XMFRp0#f?ANw$zx(aic76}jOxFhGOGW+H?nEUsQw$(e;u{IJ@wzisPe8poSdBQOP2?ojmo@HnYY&& zkIKAJnb%!LW!`2Pm3bq-|Ml?uqcU&A(#MUZqcU$)=JicyROa=RQJMF>kxf%ZW!|XF z>!>{{^ZG09oSLftdTqW=A7g5&-kY}jW(~enhpQ<4rP*?2`YSN>0`wQ&)2H_s@#opE zPsa=PAurfxeGGaq-4COH1Fp>AE3$s+^{i;?D=`QZy%e&if+A^_U_~xn?1yF`Re*C{ zZ(|}yNWDnCK=<9`?}YTgA5D5-_oZbyzMCmJS17^^&9scDq9utDUSP_kDl$t8L={T$ z8sS88lyTZhr|rDT`{&ke=l2#XTnyg<$d>JBzhx&VN^+@)_|z1pqGNZY!YXf|($z$% ze)bNuSI`W_WKJ28HVHMLTMS(S1U8#(((CRki?Wz}X}isE98*0%oLuzYd;KDH^&&Fk zRzppsI4f3VQ4L`hn_0qrwawW`uvDM37^^n!scK9rY9ksGrs$j!iEfvKA+@B^ZYa9N z5_kEoc`&TiCt_a_=?6vXr!MD z>^abhNu=K1aP?wF6n=4x>_2Qxh#XYS!Y-%PuBY|BpsCDAEqgLf`y1&HcaM{QiNKa_VPEE^t!El47TqT&Pdg$xTrDDy{xi8@TkF zEdOZ6*!-o|TvE2k6D*D!zsrbg8uiI-up{8B+7?YJmkneHKjlfDvdU7b>!hHpBk*!teW${ zpb~xbxA}}DoGoO}b{OL8j^AI+`TMITp6*oDf`yq0+rf8&SCk7um_peS%NDG$K&#iV z+gAIvaR#Ppl>+IrvLq=k6D^(*c5-q4r&m`SpBfp+kHw~Ie#*4+ArGrm1D#x)S6P;J 
zPO)_Jck{7N^lVMd3hQc*yXIZZoPd3Yu!Gj;q)lUQ6cX0A1k^s7x3{_F?NxvTiTHxi zfBOEt45N8s*~AnAiD5WFE1cxy5ZFvDgb1QXLOCn-30342edL1ZD}o=RrBazZJ~~=Z z<+z`Sr)kcpS|0(!L1($*LLS9rMUo>)7ZWU^B~=8jmLr_e2~3{>*E3Dy|M0xnlNJ`R zkw0vXt61F?7ediFESMD)z}G)%XkDINT^CUY^#(QV2<%14Td3F;4M57~CfcM43kv-b z7K2=8!dU`~(a^EXXDL-C6eW?$2#}}18fpPDH%$2yoilWbQ<9uwN$z}8KrcAaKpwU& zbq=@Qs99Dlv2rbYSvlxe8HpW)*bZBsQ4*2Lg@`DVir~20 z;D;H~1Wh;>%|oZhfUb+HRO1K2#u|YB*VQkdj(%=dp_NvIa1;?~lp-W0OdTSbM@xjI zqeWNx%QVG|&WTi0I}Q=@FE9VrWnFm31tMQ?nkD2A(Ye)t*{jDL1u6|_e6Q%1swM3* z{bQ8z*n;2|mJUeD?b36C5_&_9(E%{%#dQCrnYP~!I(mM3yCj0316}c;rb{jBEQ`si zC00lYx>)EV*U>dxqWW5T2Kv%DV!YH1v$2DVFw*tO|K;W1I%i&mpVha$G{>4s4Y6la zbPZUuW(tGjPqgHcbU~W4WUbe~#4Ca%PYJpuNiuOX;})+?kYlr%hB9SXs9tP#+~D;u zZ+|&9Gt|hoU@i>zoNCTa-wK8g0ZeUVW?YfEK`q5mw8U)TgKy7s&;)GW{eElu&wh94 z>jqY>PIw-a$r-TF?&#Omg?=iXh|Yx;@tgHpV;)Jp%!p)49_jmJMak{aEf+VGEhZX$ zC)SF41bUjI|A7DPye^}k8n8HMa33qwG%*WCfb4;n0{F(O54 z!-=@O6H4TkA?m&3D^O{z*XyVf>d|^bdS3tqdmiW!aVzE(r2@ZSY@^C!DLt(tU^1R) zVwV_0){e46)UtP{3F7 zu#okU5s)%W1vu7OB3lp-@&$a@_DDK*b&R1YUW6!J&UHPfIEO}7A>y@4Z5IB1+7&HH zbR*kTPa9J?wbhN@CyjrQd3uQC62JW6js98ReoOqriy6Uh+=_U@$t{a4t1s7B;Q*Wz)9q1xiWV+Cxad0`bAZcyUuKGhp z{TKhx@zo5{U7>6A5CxHO6bXaoTPknfL4&FXjX~U)${X8XI|%y#BJgd;*MCI(wtcx1 zw2Eoh*EDYTKc1k3uE>PScI8tD|1CQF1S_!Ahr{^a+PDB##pa1XOtOTpcQ`QJchbb4 zgO<;^XpXenL-{nD`L@vlu>pdQwkp8ED;K5W!dZqY+GoQRM}oAG?UJ(D`3{0A*Sxcx zt>M>P60t2s9iV7%%CVf$f8@mK2N5o0dP5oA^4iqh2>e|1n!T{Q6A2xvQYfZdw)dD{ z?3#*@2c4VaM)&N#fy@r8*}GuKir@qR*jox^5RSkttF>EPLtyucc0}UM6^uySg2aVy zPXG=V-ag*oS$JI|@65x>70nIbvf`&k%W!;j^gm|la+2pX{-4cG`#q4+7#?^KKijGW zCR#rfgK{7yEO`=xmPMG;#0ZI7O&|7<&9JcED_$_0qU$9o+{*OX;F*zs{vSk@0b)$% zI8S=K$t&8JC$fa2U}h=h^c>Imc+NLkbiEh=4szr7{k#=$9w6b*1h#boF%QAo(7S3p zcXg`|+I$xXOGy{ZXjqNMe}@tj8KtbV-l2$Rl*ENsQPo-3)7#>FG2hV*J#!3nI4$K*-7GN|V{U5NhEcG3Cpu;L$Ez&GSIU-&bn&gMEn3z8Fuu^Na4J$>+@1^KIUKx zz=$)W;|n>8r@pc$4$igJ`rsGzVdH(*t_Q~t?#BkETn}7G*xpz8LWlA zy~=3GxdhaK6!TmFlC}5^7o~KgdpjvciyRBg6d^IVrq>~Ayns9V-4DbiSrI{1r=hVH 
zi@-E+90*W5@+C`XL=}n>&GgKv*DZD~;nM6~#A9-ZB=h>-y9B7p&5SUM5ss8T#$3ddEt0j_ZojU6YVh&%)ipTj5@p=JfSMTQ^v8EN zk)5O=Y+G7*G^;4XQ{Ii^W2$j7d`vx21u?;p&k~Zt(;XJk#PK54*I1f1!H8D&YV8+19acol^nK(!n{x_W ziSY;Gi-mhCVE6!i2J#e^*@hZ_W#wDQGG_KUiUt5&v3AE-1Q8*)u;y@FdUo8>`y3ku znXWB}zA;FojBGq3XimTAYtcNKpb<`zwQ-*ZZtbZ)iLE+p!{75<;RVr$M;}w?DsH(Q zVg{BxC2DCyqRw*`gK$Qo zLq|{j2IfrWnI<+QcACrbx-3)#k(s8xv!ovwh$=~vIhqmY-)0dZrP4uH1LCg?ov^h< z#dhbQGJf(X%7uGOW9DTKqTjCCd%*~|9lsgK_!?WKAqKKhx$4X^n8io-M8eaNw!N#s z?}^m-oaJiT?8x3j!7bgp?BJ#w$)4rM9x2t6c@$9=Df@7tLhuTkfg&Ok#JsSaR%u!r zes4?Z3{7j@(5)#QYK|M=%5Id-(6lysw=JbBpZ&HC+=kNCXRQtrlMo?mPdJN#Dunky2642 z&wh;3rJyT@Z;sIcxUe`5Zo#=ZsIIqLBXm%SQi7RmV=tHdRyXqk0HW&9sESPw5fxFM zN`<|nju9h_X{WVY4c>$1XJiJzGtLvzC@i|*0)YhavQ)h>2!iXc6b+$`quPjqP$8zk z#yP$N`0^6zwnw(bdOpS=7-JBOF$l&O1Y-<>F$TdHgJ6dRjxh+v7zFn(&W!HuqkH=( z@3$V1G4}X(8hhM@2pnUOSIRdTgM1@`WJ@e^SFb-NxyPOY1KMJftLmTC_Fdl^f|aYy zpIZ8BiCSK(_gJErH-z}SqbTNg9GSWt(zGu^_2xdCGRCbQ<5rJxtH0{F)jrA5u=v&6 zCOKj}CYK~{H(P-mb&TdXkIuQJ2zw3h0kVa_F)5xzby>UGjWKFiMCy%QaO}0MI&)jtEA}dG zZaU(_SUbqU!7IX3Z!3{DqhsUB00W&R&uWq?UR(|%XJm<2v@;@@vjKL$X$=i_Hz4?W zPTRhS-3ft*Q2|4YICm zXP6D>*sCP(%0TPNc81!3j=d>&sKGX%?|Zsorc_izPnAm zjRxJ29Skw~`pV%{sM`eW%GY8F-U0yKmWpNoJQ@@6mh0`YYqT%=(U^|6Sa`50xq10} zG%36CRhgEzfOw~=xf#lj#N<49u|ZLt(H5p?SNg-^Hv)7>c>Eq{_~7}&!sPc!1T8`I zcMq5EO1Q`n9zNfd?ZW7XFy%$G?7*1Vt^~$d9|9Ls0>bROGJr;y5*l{jmAeeT?-y}* zVfbAc8jjyjZ76)h!t=Wlj6z$^CNylnDPbUTsTeZ5Au7zC^aQT#J57Nrp@8g4 zTTs;MPG3;e>q=u#s@0Xwps3cH*1(k^a#vTH16TH&?qKjN!|wE+GzdktwsZ*9dG%8K z?pNln?C{#W2Y`id=&tD!TnWEXworr(bKMOft~lI<*OhxveTBOA2HqZaiGy5x2e0jEAPW!tv15%C?85Fa3inyQYB%;@bwKgQx>W+d`bzFbgWl8h=_=b^+w{Jx>FGG^)r~77b*ip#q)xT69d+vG$lH=v1W&Lp z=b1hLjh{Mu?#i~Y;p5-i<6hq|jW3oS>cx^ECK5IPcYLi>D&N*?rORTU{rCDyrBa=a zS4w4!DR#Z(g_5ZL)i8 zP4g77Je?6?T(gTg8Jlv4cZ}IIO*9s*x*^Rv@O;p$TpBD62~E^3A#9s@b&B@g**& zTEeNm<&5kQKh-hQL9snuusEG#xHvdsGc-E#D3Om6`ByKI2ZxzyfOuQ%BdFKbt2%di=uK;=vGT=$@aaV10<wFIz zk`NpdF@cy5l(UK8KBsio>O`J6^qc4<{w#Q&l@v7xE`HSpu1;*y(?Z8HD}6JPMti>z 
z=OVT#Xr~n|Uc*2T_OfN5g%33`0sWl+;}$FL$6J{Xyc^5n@}F6yZcGy5=Kk0>ACUPG z@BQ}hJ2har&og9+LIJ;ffKVq6SMjojv;~3>o|{c#7c{xjX}GhwYHZMKViZOX6u%)% zfK6db^3#NV9pEyt+e{?GoyKjkTr`YnYi>{V_B(#@!%>A%da!u~O=HKgZt@wyacYg0 zS%O*HE%X3qCVUxI2r+ND(_pIfC>J3&e&|GmuVP89lz7|I)J6IkkK2&=KA;n3$!!7_ zT-x1K@d0*wPwNRLs;zUqi`i**3j(lxGw?1}^mrluO#%B6!?|wo|0dw=7xg&dUc1G= zdXNV(ArB4hZw}ELp6q>7Yq~3J%5XYhUNpmTEQpkkjRn|g8Nsl2CtoA@VBQaUQ|l}GCkk#|cYjm2`-99%Q|NIG z;0d`Tb2lRg{*DFPnl;~tKpz!*e|S!!)iG$FPDqb&?^@kC9&YQpJxm7g-2Hi9mDuBZ zK6_<0xx8^ZZcUxv?{Qvv%!leB_GUwZxreQ3mYN>o&{*)7p$nO+|Nide>iX~3mnWz1 zkI{es*T!!@K7mZwPkt-!9=t>Th_m}TQ1IV5mP!d6-Ap1FKgHQ@u&99jzLwJb;<{@E z(|8-cZJ1*s0;YLJe0>9xsgn4t3^E?u)^86N2r#^yL*`8ER$8z z`PRGf+$C&%sD=r+Jsp=LH&h8xC8&eathObP$LQe2^!Y*4ac=7?bi+0Q-jXP3>(vig ze;@=lAAdGIey#7{j;k29j=+^{KJzTn0GEHAAS@QOwM@{&pH_X)e*8oEpt%}^;aNg{ z`uN9BI3+(}N#YAZaN^RG{P^Gh)l=j6N4U0r+vqu_c)_?-G?Ejmn)uOOdvDKAe*W~! z)%E%5)!$FvzP&uVx;p;x`1h}0zuN4FGD#v0@=}Msqw`N!XQ!Vp&&oYE&M4w(it7*4 zC+MhYYY1D_>)9xWzr6kXr<0FoR~ILzXO$W@Q`0-a8}jAA`_vN8v+>PDSae7_ZH{VA z*lM%;35pzx&^W+=yWJF%k_-JK$7_xM2F)jwACl zhHbB0P9^Y~^Jea(jWgsrY-9m^&w?u+@#Gj?pI-D1@Vs$==9LcU`S)#8Pl*yVsz1nT z?^zHW)2(+*w_Xp~FgX2Gtxq{qfAQEBO9d>WgLb^NJ^VNMtx=AJ-G8c7h+4@rkob&ecXsXdCe~ zyAXU%lMPHU@A@utrf5punnVwkfy+|br&hrkx*{UAZ=8M>I3gEBP##~Ah_hH8qZj2P zrFcR_J?s{k$>wtssblnsUqwq2=Sg)jH)MSbPQ4&rPOAx$Q>=;O-ny%>68~PujM}_g z_S9I`>Oi*%H9qo~9HZAS>$Ju+`qVB)6;Z~%111_IkdcSBlOB2K79P5p(>=d9`M3{8 z7y9{*_}o?wlx7aP4jD$qvr$Xp`yJWNk?q|4KC+!d+0F*502;Z@yWu*Uw9MU1XFX(Y z)&50}h;nQ*_Q@M%;R`+hq36HSL>r17~iKtxP288GE z!T(rYYBHB}!ALxzLr zS z<^8qoZH{S@3*tnycbGb|1*#GE``JHoy21&mIcZpKVp{1rC{%pKkG|2}5d}XmD<6SM z^LnstlMc6D>-6&M{)^BAG!)+t zPLefcYtHI=kEx; zYVkBi%qqvbxH}B{4hdOHERpXV<2KV1?-Sd~A+^6BOlyelGGbXv#;rTTw(pR>bz}l- z!M?9e@myr9gAD6+&LET33!G$2{9@wYz3=s)`d+8aub)HCVN=77 zV`tWL7w2v>tigkm`Flf-{VQ^8pWg;zJTAS=yUgXHm`c>(^{%E`UcQYNxV1GpfEwZJg`2TWojNDRF z%JiSVb4bRS5;#)F736Dc^=7M9KWx?N^;WH3ZPn`KR;^yNwyK9OF0)LK!hmviO;aKj zPP1dg@eoo3djiJlcXV2=+3|X%gG01b(-k zPhY&AKHuMlY~I>%DI9yIL*BvREIZKi2|d 
zS@y8ZJT`Ng@CE;rvp6Bg=ydVpkCjgiOlT{PwX>wC%9gg{W>GAUYF1qiy;H!Una@U5 zUK=&=+Y1vost5RX%0<66oyq&Nmj;ObLqer`U;Fr>$V!AzmgE8_m8~!Kkg`RdU{U_+ zILe4;q(oR^`}=A`v~UbXjn|dYlBAVDhCCze3C(9Wg#jy(o!Xb$1b&@td`Eg9+Zx511`#tg3lS3AB_lpZ zYDpy$Br_55fEwwaF+&`ZWlS5ozk(2763Hdcli1>#LV`qm!RSAI{}L$<0|V=#5M_!8 zh7%Jt@DO1ZH}sz3H4;RRjdE7%6B@~;`F!MpAj;()!Ia~ zqO)9aA&+9RBFT}YiwPFdk}3k4vLl?)2`q>KVVMwamFcA@P{FW zNanMYDvc)p$ca>XTbsH*g$oVMh|S&=H&r@k=oF_UImMDZz+UPdlM}r;gLbni+G)9w z0e$UbJVF`3ji9{8( zu%~X&GenSUM7F+(!Q|o?SR|Z$mPEX51ajj%8;_4GCmX$*Lj{3Hky>J9Vm3;YOMM&^ zw`*OOCWNAd=kY}IaEJ>;7lxUu!9sD3@{~nM9+MbRrXkZYwFO~BGbC}T`y=1CSzt3T z!vKoR_20VL!-0v+xs9*{M9lSN?4faJuvJ5N&P9rq26W7$JS9voa!CX!&hiaqE1ulw zvmEnC9?cW1A}l68Oz0$`EdO$3ZVba+>N|_F#Zi=4^~3u5E1#%Q)SM76lh3vLUb;NMpk>a#*UVw^)(5IAvl+mB3CgSO_4p2Ul^FVJS<{kwodOz9H))b8BXp3LssQN~I~)Emg~&AsnUxs5PXgg5X#! ziN;rrw}d(D6l6{WVG%h>d7LLiPM0c8`XIv*2$3-&U#NupytJ#E*0PsU*pKs=IoIe*F~{Kbdi!J!!i+srVUZ8EN1%T^Vp;y3Wi! zX(4U7PsJ^3qOn0!Brg#QDIr)CQP~nIxCN}I=U27?!jYmYO&j!& zpcP9fW|3##fTDL%?T84ya(&C|4qIyymN!IPcV(g%(fxJuV*0Wkhjo$Gj)^Zw0OP*MPV5e!A99|xL@zohHUHc#-XU$z#B%2J3 zpl}voCi?haoqd3M`p46d-J)|#o2Z14--o4UhGP>sgZmyy0&}p*&Eg+*bu>?K7h_WH z9zv_P_s?@9EaMqp_4FG;e+&~HxEJpX$6bhNdLlemS*{#6&TACAhZUS68w4E~EW?>Z zEmEf|z0|1GOGh;)QS5@+kniDCkXXz7z_5aL+M6Etf#c^rW0)J%GlxzIR(yxM&e9}_ zBHxoYUZO0?7t{%w9aFhp6330CI4ddS;1uq`#L0X z6fWiz=}z`3k0tOwInZ>rH0^&eoRZ%T(9_!` z5diV>45YY73^Pr)7dUWjF!O&S<#-PxT^9 zCUCgomY6MwRokI?4sOr;IP}dHfN~jj-oY|3h&nx}Hhl|-fqia|5c^a*dpkg^nid7r zmXVh3GbNAsiii~@w@0^J+<+T3Rm+LNT6qMf(WC!>|LqGv#yY%bC_$$W4=Ozi*{$6T zgp{+44d(@V;dNyQZB!pa6O-E|jh4=)TDp}|9Ghzkv-Ja?S-l^*&@)@RWQG&WfIT-_ z(x_Xl7q|gA-7E3?eE#;~(evm(a=H&nH(X7b;%s7CVZ~D#wY1VLE(HIw4it0VyZR?$ zA+7Tg*xI!e3tYPHQFHiT)|&s;{N1h$I{BgmKH12v*g4N9XReWvtr9AML9po!5oisu zSb)u`dxH>qY9(w~>5$ly~)V z&%iWOs=(7^VKbTdq_sigIPMiDoakMGrT5-MT0o=G1@G=85SW^v3K|nomkc=Uzm(fm zTwy?J^7pDN3wnL>4D_YApOkg608JO-j5NW;IsF7%o zM7y<&M0+IK^)eFeK_Ihawp+E^M7VVe4>V7$K|#I-o%v1%zJ%lWC!Amw*}ThpuzGx` z^@$+8B&1A+eUN#k1t`gda~svOn9OVw@B-0$RjQ|N0i02jF&JUdJY0rbs=JcX{$L 
zIca+BQ7=PDR1hAA@A0SVJQ4U-l%A;+j&qT9-{H)7f1->_RTvpjwruh5b>%agbD?sE z6-m~JDyOl{xRi93z`4g+maHq|uPAnhrAzk!9wkQ0QJz%AxvJCQ2-0#^^e@YNHjQ{% zQX!Q83F$QD(TnH5fBw49C8Cp{XkdP*y}7BE%6@+G4G_8nZy5q)SD!7ZumA@$M_+n0 z|JHxby!mMdPcOSPfVy_ENg5WPI#t3OkkHjH1ewz>$o|ioVf06%4+a!IJ-ImVSO8EB z=cl_9CDv=W#ociV-nHkn+!MO0%TV(#+9*Q(WI}k4(x5pm&+z zibU$YCZvh;JlO}ka?#YWcSABiBb76KxMpODSCm^G1)Pb%Cl%2-y74uQ@S`ukn9hv~ z+Hf20Y+8V5r?O9Esm5{pR$M>^3rv* z!(@7n9lYHRh>Y+~*DK8sERUwO1#*U^B(Xg{;_n@AwDXKJAN#I(X`Kq2jfqvBSW#wQ z068tDX0J;R)e&u1Q5CO|+aMkyk6Q`9>n7NE%tx4VQFL&ma-4WQfxQ6q+`EW>5Dm6{ zz7xFT(Ngp5beozgBt|v_3oo=9JqB|3OgLysVY&~5B#A_q_ejH{uAqs=oh!41B61AE zwnHPY8YMta-<5@d$kn~FA*<8nhIG)ymLZ3#>@9-FMo2DFQch@(&uDTOvFe9hK%ibrGoq;r=m|y zkI+Q#SZ^IY*&vm6ujfO^ye1aNy(Fk-G{PbtQ`Q-vrDmuw4Qkh;>!(Z~9TnSXMQ~*i;3868!#qzC^P-Y76jOPFjQ&w^Bo*)UpFsP&Kr?_+siU8l?grsesLkp z=tZr`245Pv4~oNEbv$pEZh+60MCF;T+Cn-y`O!cgycGa~3|)VMxS zXuI_BPJ+X=T{O3>hyx`_H^ktsIi0L3MY;$q#_7w8mMQIs-P6z9*}$0l^M|ULFU>4V z5xvZV`%3t>+zM<~y%rUDdzy=X+wOp{5AGf3YI!xBgYQ+IA#{@KTZC>}Z_RKe(=BMs zMCyau={XUm03wd&hOF6?>m_kRq`6e)eZL|IgJcY*D{%hY~H2}fL)+27Hw$-w}W&& zo-k$T)?9zMGIpN~Q=vEL^yKK22zB(Hto>0T47`IupuE+88S|bE*sla;GUK9e-N=Q9 z^Wvx+CUc^J5)x&SM7bbWH#GYb5p+J>%yPcb1>_f)5qPSgxbb-oV^cYjH#F0N7oD#i z@Z7qeNC=Uti56Dm(3$eX_)rrlGMoqN_vN>>6RUFxli<;oq~ZF*Re6|3muzbT(iCK! 
z5%gbG5}*?KUz(&xOSHri<(Y2u3S@4LDS9E(NN7J!7DlwhhmBuC#2K^v@-X$nFce3F6#;0^$^bO)dZYmmmbCJJMn*k z=YMgdP9f=uO+WyFFyIYADK%vOvEz)O*&66gInEZ8qCj^AAAD1T=w@K6lGxxooQb@ zIc(i?bZc$jHtO28ZQC|iZQHiZRl8laZQHhO+gxqG-uLsp?|$~!J0qIO%t-!Aa?JBO ze?E3WL4G@{8zO?(EIWDb9u~(ovx;$1(&eq{9Zv$qm0&cV4+#t`zd z&ZLGa>PN5=+bNN#kXqpysj+B@;ti(o=~X0j ze=zp|f(AblC$8hndS_xD1&tIOUaF@Kf(`5l8&@Wh2QU&UY`eJz@#N!0jjSU=<~5|(IBR3k zwjAQM*@o0SrZkm6z!BER-QdrsDUN3x84@wbkO(%Tb5pBp0_-p&FoV@5nNlXN!2tmg zti42Q3hUj)vW40*inkcsTSSH=FKIONX>l$-tahcz>a32J04CIQq>G5n90JWXSLuRe zvX=pwOT8o-0b&-F=uAiSa~g!|weh|C1kg!9MO1dl;12Wu9DhD>)BqeJ(W?&@Q_iF4 zQ^Xo5D#}hZ{Y`|IC`=MvX;7~)09w8VC40>%%pxl(L#S+c0^=VpVX`<;*h=}6VJz)E z5|PSrp<}6ue>|0o!miOtT?>oNsj1GgKwrEO7?>=2JK)ZACRSLTZq!~CEi0-7MbgIL zH~f>XxnRa8zJf4+krmPLln(f`=@BDup$G1o)dpU8cbpD_9K|>8Z7Hja5W#di={sm0 zUEF;_i4htw@CXHvii;^8D6L^Xr{5$*PA!8hD+NDCvob>8A4k?8A$8@EG##-DVb(_S zz#}L}N@xz{&@*X^u9P$bXCow&hiMYmmu9wnb^;k*q;aSaLj!IsINg50Os~Y5)*NbU{WeoIf zbqG;;r%MgX{cT*HY>?v*ME>A9Nzj#h84_E~M2vL1g=R|k&QfKj%zcB;9zIKx9vfEM zCp+hqPba|iUjSM!JEvpxi2FZkdl+Kl$`j19-4Np$$yRNJRyRKOovz;5sGEP0%|~%= z-Vjgc2d&LDvdDgWtQX&$xguEd&PLQz~KOow*f`%Pu#>IThq@} zS3@tMU*^9|IUrKEKmQU=ujj10!)8nF6c~{~aZjI7EH6~5J+rYne@Dqr0On7$P-u<+ zmH7gp3V*sjTla@jL4D`&5BGYJ;e-TAwf=;JGH2y-vK9V1YbSvWD1SCDrDZA}f*LNG zPd|Xpib%)KbC*?~*Edas`v%0}u!rk7{J&&rV#|$O&oB8})i__Y?^<=?h!jF}2|tR> zhVBN7MmCOUqL45`(yVzFQ`UxY{x4Iyp;usl$sgh)-mrGl2_uf`I92F4F|#>B*0!;A za3xb5BNj3cF=`?yjAPjguSJrxZ+G*`)kfB)xwo`J9v1O4u@C?Jp?%B}UE8N{Y-|76 zU#^w)y{BJ zk@-0;vmvZ(QhcyEf1+?8-WxYaw5K$Le>SU5Npv< zyfFuh6DcKfGCF5fBf_5bd^(IUUK^*HPWLY=;wteCcG)TJ;8jwQ&age z9q?E|yM_Nlh#G1jMSyM@7n9m1X!9w8AR%$bc$p>5YJ&b#bpkLlL&ktxIIdBw0|{ar zlFJgu8pB01nnRd}rPP~gR(%XCkf1H@5Sb9v4QLA08cH~{9aTSWc$nwePBIsL3AND( z>a0@&tIe@m%$Okk_dblhUFz^WLmx9;mqOVQp9}2pA+YlmkNjKMsrK8cyqf~K4QfAT z_Y{nt#UGit(5S>WILc8U4t&aeB~+*sJqa<-&cgoqIehoIg7}&Us)K=uiXLPI8GbWi z;emPsU{6BO9kt94#GDMJVf3MU*mis95dkokjA_BZYU)}*54kJ+x+W2QA+^S{;_s|h z0X?-Md+8QrBcs)fr%oYTK06z$xLp~GW~;N9;nXZzfFqZFO)Q^zFEYa2k4)aC=Ub%o 
zVkd7oNGt8Mu&_*CX(?fM9Y|J&Xvd`RM0Chr3NA2s*zvsXS1|9YzX%3SXLMADhhWN? zH?mbnw72t(shQ#DW`EtW7`L2mBC&jY-PA5l)^-q?(bXVL8W=8o{w=K#?w{+uwlPg@ z{>rMuoOvxT*@^qpN2NOOyq|@rW=VMGXfiN(ZrACW`pj^qbl7ly3JvH!TsrUo5+Yxq zNRPXe$>tlswZDJo4t5wDz~wk(VQy>E2%! zF9Flb))YAzhvv7(>(I(MK}P?Lv7f_lz)l=rGh-w0$pDG8RI+MpAI^!{t@8WeA;36n zU#Vz7)k1sSwQY}#IFqL$?#lN1p}aeR~c6JUBhu*5EAI zJ`}R6C&WC}>GmWyD3rgTeLnpyX&7f1AictC3HJ@%+GF`;s|JSK&v9`FmOGNjyfQkf z3Yk34p(?~+4)U%|gQj15;YIqm*hY6I`USDM!)$j9_;LefzhkzNRdxGxTT*VB#|Vc2P|P>gMnq%;&sW8w~Rg8N(d>FG~GE_5?Wk6@Fg00jWSdhZo^$g&FZI z(Rg7(vK}O0I%eHs*%Dzdj79+d|07a}4t=7hMe~#)KBZ3Rny1n@_c_jtoYC&W`T$TKLBUPSF4XKDF<`|)~7o_#Oe4n7xn{rJK^}8 z&HdGy83t*$`frH3vfIHT%&X9YU@Fmz`^;e-IE@v?=kU2BX1TKS(`J8w)fovP&CvinH~aA@(|#swZ&8YqGV4({+vY@G?s}Q6 zfUYy(RP4FJn|nRXCrBcvT9P>h4CsA^%_2rhkE0oBZNy8KZVY-oyuC8WXmqRZJ#xVR zuR#@@jGVqPdiv)6nA5)+^)Ejic-{R)IEIvoUGE;>O3gr_a;N2)kR7`cmjLP$h)u2SF{D94mJMyeJW+@0&;sKP>-a!LbH^te`3-LZV)(huI= z08(>uzpD}Ez-X*sRVHBxs+_vcW$&RTYol{~OZ2DZe*A_`a7fIV^?}iR7JIRYo!*nW zctGnRE={_9TMWtF+-4=&z(UFArwOKKM7@c(c7pjjp{1$o04lbioLtpoNhICJ`M`*_ z4wQ>D;0V$->nH;U!Qfb0#Ju!|FDwQbK?W1rb3iwxD;{O4e!*wszm_54cKCXRj0S# z^E@~i^LQP(K^qNKUh_luY;2I)Iy%B!a>RDsHkW6;pyr{jSx}sZEKQu3r2LF|uqaP) zC3CLK6q`QQBA!~i@A%`KLf)?_yBA`~u35~KLeiA%ivJHLF>1PiBm7_zg35nkl9uBC zV$!S3KbW*-^@B;t3je{R@c92=(zu)hvQUE-+3E^t24cM8sLW5!{UzUANlU4WeKtc% z5}nsT-`(bWw(o(xCg-M|_cLCT^-zoN8bgouKrvlkayJsKKT3Bo!}_);{v(%z2Y%$i zH9%-HE>!|4*{t0X`t0;j9N6Pl6##_iSeyZhyZvP`l1Bv8+a<3Uc4z&ZxpCSoh5*XEg z%W&b)GVM4bVw+~x@|xk{rzCjfoTY&~d{3w2W&Z9Anu{L4iATMf~p$3qI7GRGpoq$J}c z5sre@w&u^|M5o@Z=||oL(5daekn}^#F~zvhXW~2a($P9ky|4UFmOn*=lob>Aqj0z` zJTUMr4Vgn9^gpj3nq3WD=nRl}))QEMu!;(Pfnre$JFb}EA}aU0JOLni^n0F!S2Le9 zg<{6JK#jo3N@fl^T}+`aao zen8&J`JWv&Xp`X0!69~j;!-mbX`&bkw;m+ z={AeE>5bXO()5*`M4)$$Ndm0H^($$(YjQW(ehvi_x2~7?#-aAz07C8-(9^yEkzAo))Slv;hFzYnp zAcW>!NKD1ieBII)XY-tG!PU3>?=JH4QGL%#ZZDYDsmzB^>zNle&fkyWZL-_d+&8$P z32A1#pp-ykZN;IX^(yfBP*(l3oYdevPK7xnZ?)Ybc`ws7&wyw!*3d1pgQ)xn%}ABT z#u%ldvr3BPBm%iwfkSCBh*z47b;1`Y6}(uGF(e#|yTvmXVmgp`Of!dgoQVU&NM>@_ 
zcaSDF7i)aB?X^$C(vm3=RaXplXZab-`@*(V9?+fkf#g|@JZgu^G3~CoLRuFZW{Zpc|}h#7NVh~a!htNAEiU_XJDh$>aJ1C=wFH2R73*2 z=Wz`#L9EKPu!+m*98`zpGPTMpK+KSdoyA*B&j|UCfYKqm>3K(xG&o84(Syg%=M$3z z=oDa>Y7^Ckj1bp&RMLIky}t^>#x!I^fWTr6MGBxIZCbf54-&Q*e65g%n6UL=XkAkoU6jVeb)VppYAJ?UUm%^cR%GG!$Or5RS zFSS7rn3@b~L4=6M>8w7o3U-wjnA2*P$fB6b!45EvkXoaU$1cFTM{VE%(UpP3YKqP0U+qZv8$%@%a7?ZbF3nBo@PQiKBfY^ zZrQ}j>ni~|X4ilgogQR;AO*2ZIhx3*Abv1B4fu>&1!XrLP@x993|&CIMUlhtyNYPq zEb3LW5z;Z9;iheTzKEfdNqpcgeY4KL2EkA#NYhUsJ^xwS3ejZZ+L4y;?P~6XF)vbp zTe!cJ?;%9o3S^PtkZ0clW=T))%a$IsTyBb5mGk7R$#?zgN-+$Do$CMmnuJ}(^Be3} z!~k1PLPkqZDkxzhMueY+Yk!#wiOVYzLK_L~1i7^ty668>W)9&JM=LOaIgXbxS{ZXwTM0 zWXpQ}Uiyux@H)h(+0`rAJV^g#>sKe+y9j;3Qf@3d4+FQn7|T%Q1|`d?c4Z3XT9k1m z%dTQv$0z1T)L zD|-wWHyqYTfX-z3`EapG0Z?^iDODuI)n&mgJlyXc<+Of=FT;6;jAD&HeL2DrX2CzT zINxVWOT#6qv}s!T9r!Xz^z!GCHosX+gqy8a&Yj z+N324#V#G~9T4Mrxv@r0U#~`ORSVzjif3$v{~()o&^RPl)cM9uoRZDIJvZZatD-kqCx*+;S6M$zB~FIK zt=1VH{)vob=*E1~WeLBAs#}`ME|gk<1oOuXD>FDl9`KgNfw|aSE=@n{YuGJS>r-uO z^OcVtqeOJyRF_n}EDsi?X&vg?SqEZJKpB36`wmKRrA=YtYSN=nb>yc|#!&oD;33OM zOR|Ra98-+oQC#S$@1dGCTdS6e*7O{j9&6e*S}MXqVMsRkaK2N1j{>SQJ!E`0f0VV8 zOu1z}RCm;ofyd%LTbW}w5;?H#%{RxT++9%wD0f^>q8sy*7l35lSE*A7B#G=flU=x)Aq8Blp6PFxM$9jkidUc=+9ezgBtMpXrQI}* z87W}F(Nav=mS%x(6cB;t07SAu+sA1Bjf z3}O*W$3NO9MP{0n#}}F7+s4N&MlNYMJ5b@sd;Y4-FV-HFb)P442ZcCirF|OcAed>? 
zT`&V)#1Rf2b}Dd4BW3hSUtB*;Aar!E`hXkvJw~w@rP`+%@wrClTnI|!1`<-45@2gJ z#qO%KHVtZAA!+k_2tZMqK-+W(D1+@}5>^8rGn8>ad9hF5NiOrj1TSZNsX^vXb1TK$o=o6N~yp>34sw7&!KN^I2CoQ2)G zN%EZztJ(ah|4e&TDv6HO#w}OU{)>SNutu@+Z0YDJS>tn_n6Jim5SLVN*}ECbshm^E z5iPd=df-=xHU<+8=WSbWI%7YS!}6Yx0!lpjAqMZ8oit63RKjFQ`-Iu)ik`wT zTfagu11kRk%|+~3D=P6W7yC=k79sU%fW;3{Ur!~kZ2P~+2k56ojsdlE!eBUsl1AGn zRK`y>L`mno$1_VjYVydGhqTPUK=L>ToetD0UK|Xv3P%-~m9gxePqXs0gn3vo>c8=`s06#=ASf_H>NxJRX?$9Qc#fhMs0WC<}F z_<>f<sLfX|G{xh=AOdrdL~Hi`LfI zZt{~n(oOC#fmtj+iix2jjt%dAU*YA`T#QkJeyozQ0M6j=lf#2BsoZ0<0f8>-=PNWu zhcyN`s4z$CZD#fGR;Uo}T{4R2sxu5MJAkz*4oG+`QUe5(7PTDssMuUB zU5GDI0ulq(n?x%&BD8tW=0L3_p1xy+@@oxgc|D;x8f0y!(GRqE0)>$5Jv4~7!%0>) zMSGzlCOHX$D^Mv4Xz12(1T^ScKh+QcO^n#Gj@nKzPlNQc> zz)Aoxz}*uH>xm;x+U0h#<5$$W*#xZUzHWKW8@leK*DR2(g<#^ssuc=&aWWr8b4 z&q3RN-hHKn0>^AOy&x5`T6BdL-SeW+*Z;ZF?27u&Mc{}KT{A7d=u9!lJIxmQuPj(` z6{~v3^Ep$TJ*fZZemF*SEeWiet8&D5UZ&VZ#rgut zF3_1&`~BmEF)V+pA9)d~e}0jW%f>2gj5mY0&T?YLVCR%y2<(Qadb((}iij^8AZ@3N zhzK#wB_s+pUq&MujGM8Y2pz%fM-iMCz?x`FaY@TW2GB?^Cwo->gx45FKES%&=@=v# z$09$h;wDbok~quE$x`27fQ(Sii~pMp^QQF$gJpp~g|EsSw93eCo?+vsR3vwq=FHTo zXnI9Ca2l6~z|%}09^3Gv`ee?~T7)2&%MDiWn)0>T2ul9w{Erzfp2rR+6vRsOuK$vw zn}%g|q8EDhOgv@PHNqOav#FeCsmu-Qc$50Ttq+);Q}ai(ETx_+x%i!+m-=OuM*k^* zxbiw})5nW7)7#3ThRy`73J`-80J9y{>H(vFCggKqBNAEN+i|4mL%q8#mAWiZP^6Lf zS?s<`_0XFn7%N_nXK!U3NR3qX^6n{>3BISpkd7`3?BS;Tz^uq=43Hg9s;gkjDQ!;{ z!j2I>Jr`XA3B+ED$C!nUoVo{#Yf}GLXO{KX$#hmDmp?SR3JhRu^Mx>ott7@ZG?7O= z*O4`!Ju#inz;LC^HX$PbUXk~tDc5cIzy}l;8a9yGReEDIp4StT=jG3hyjX14oDux^ zX&w8&+f^oyt5!4xBf3RVcwRfzBiRgc8o;vFDwO4mjSN8^1L|~rV8>z*{_%d#%J#Z< zgyC`VQg8|&jL>k13JSG|L=c+^dopxwipHnESIN~x7l1&fp)g=Q&^0qe#`Ya^xn*xX z>EN?LIp|$o}88XSSSgRT)KRn)mpb|*?i4p#rWBZKn zI(=O4N6rJ^W^|2m3k2t}w9Rg^)l$kE8Wr<7)P+WK<#ohYHJMEaJ4Q|Ilic|UY-zJE zad;fnbG7NG@TGd`_mm=$*EHHAR1K)cG^=;fv6J{uqZgfTC>SFK2M1Q7_vW|Fl4a}H)Dk{q2j`3nHW1M4Gnxnn09uKOF4PW-wSM&nY354F1QIOB zsy{-(HvVIduYO(U`#CIwGKN%NX7(dNx9L0e2-98HxTRW4#8Ia^hY6-fzu8FwQH6}# z)AE7)+PHq^;X(a`_L4Pn?+WWB?E5RK9kR(IBG~#cBg;Aka}(ja3JH5gw-`w=5h;_g 
z9S#Q2v>L0b+7_)!d9kHueYG|~b_2E!{td9bJclARL0)Rh73nLYnNrWRDwElhziPlE za?n}IvKz;a`kZc|#xn<>XmWw2OaG|j`v~4VI*AiZ(u5}<*=X}^dGjSus;<{ey{U2a z%()r>y*!5Y`>JmcFozz?i##H3P!r=Hhn$9Tu>nzhmg^qDvtl3DOCQmYW{=*RX}#uS z27_hw$So@&78QXdM7u6c6miuyT#MRw3JJotNgYh8w_R=8n `u)=Nrv8OC)_D`wF zTa#48@yQ@^E3H{45*f_W#rpIxX<#yN0vJ%rc0$9XpBURO@TeU!ub&WQ=MfQGK869X z*qYci&UuaDxNn!L%$k%f&S~E~!v`QoFy82&p`?+61;cTpduzs{fKM$M4*_~~CA{&K zp(I|9&a`_5U;1Ke(U^W8eVMfoq^o^+qjBPgNXDbDr7+;V?%yp@l<*hKM&rx+c)R>Y zW2wVQ;7_HDCe-eBM>om-;kALFG)hBtUE~ikjQ902)V2sz}Eo z4K+mO#`7IQ$+xl1;Mp{XLc-|mQCMJ9S}PC?OR;g|ZVRf*r{zK9)!sQD_ZQIVMs%HG zJi8z$At)Drx?*^wxJ@&CVH9?uHx4(pbVDxj+zdO&Clhrg+qfb#zGpF(An~kcm6}2$ z4s@w-)TXEm%iKS*0R%4|G(v;K|3Qy%Z z-u`~X)iVF88D>p0UKmd@UAVc6daPM0D>@!VJLOO#nfnlw%6;^=@_k%t{wX27;F@r@ z&Ytjd)g$3d((DiwpSkb+4yeo$vj;UE8uQ8WyA8>D_~f zK5OQ-X`Xu|X>0~%z`KbePlPrEp*tkV9VQ0{Eh`LpqM7`+++xHE4O24sZv=JV`WAnh7sv%wLbJrWp34i)U^4112y__NT6p9#YC0$lr>y0S^fAfYo& zvs{P%hb?Qi&B_OC40LLTVcX)SMAQ92i1s3E#kU+Z*=SU{F<`d^!svxY`D-#fG}xkw zZC7qXI30pVs;r1a}rS#B!6d4We6=Z~Rbtudpr_Bh^SnI)Um_!G zQ;{I)98<<#axj;7UZqfql+iYS8Msy7Sr}kO7y)8xL1v!N7%ir8x-#B6!4>szsXy{% z4i$X$>g&Gf&YLzx_S-P0giX zw=(BqfLHK>d8PFe8iETa<+IQ1!z;7cVya{{f#K|?E}sgRhz8eSU!sUxk*70ZfL&ZF%wXqRP&cMBChtXHXN zf0|wNla;9Z(J;>DJh6mUg`7Esq^n@jzxY>l_0HO_c;`0C!9KN6`D?@ScTNU%MTt7_DiH=d6 zVC(fc;n7-$C+3*kQ(J>JmJ=1JF3EtCMuM*j>p*?7N)eStY)F9<#3GsBQD=AkG)7OBVo1;WX%diLyI8H$<73P)ZP_qt$g7mnL{9}zR>)NE zMKzE)h<+Er(8$;`hBlI%Dj7xotkp-1Z&Jxy^QGYobY+lB;R1M|5{!#~?7if9W{ZbS z(=g*n7qA9zazvW%shrDhgJpQ$cr4|lN(mJk9hH~zBcrn7)xMi^-?69a*H+oyXx}z= zB;JsHZ#MWE*~gdgEwV=d@~j=iKZfrtU6~J!8Hlr3uC^M5bTQ<4lA)sKi><{z{fANyh)<`9SW(^Cdz-UAVyrV;> zY@T5lC*zv-`4tKhfPs>edJ67%zif9Wyt*-tbF~Efr~VBJho8{!*bGS#|27C2|Hk

8W4Wcpp0-K%dLe$Gk9J-QvecYi-j9PJgiTdGC-6GxVvcHMaR*`4esaIS?kH`# z+?%V5xHH#XGi{)h=9^KV

MB8{!Ro$A>nQu7TrgaTMy6*=DGNS)Qu~^V0?<=q#OQ zBcz1GRcLs3r^DR$RQty>4GY$N7kbqjC+GmyXQ8?z$N@o+&J#){LX|0_%c6>GJGQ}v zRSVjjj$1l-G-OR72_&y$4zu49^Z7Y}2P3I0J5ffhM%0eVzN0n4s5++Nt&raze;-P) zTy=jxnRHnTqCokOAMP%ZYX6Fn{*hsHYC45s?6NEu{+N387)sk(4&9 z(+&}m!Nmr?MLn*D&c`GvkhvPRxDy~)H({u((3EXW`J-_k_5$%`cAZ^Quw@etNg>?la zO*NMlO9Jm0opZ}Jk}vCTcDlUKv!qg?2aYT4;33lMod^pfo|-qG{c#)RLTjSwpBxZw z$qSS519v?3we^a6^lMe zH=WMejiR1mJE;_I)UJ%D;yK4XUZgGpmsk>i8*=?Rtj}ku_#$t)xky|o@#FA8zkoq= zsny8$%U41Jj@Ozw!k|J*-3{$CF?^|IQx14B;<3p34bL!z$+96gY+mgATZ=Fhv#Id| z$z*XYH?zvMYBh=<;U$)NaXrj@tWJx>&>H<@Ma@0qt@cmXHi>IgOOm*QH+I2bWYf`} zUH7>6hztSCBYZ8LX2amogll7kF$}(8zY5(ammMi^6}lw;gX+wdjAI=>ECG?S7ej^v`oBq4i=JtLKW! zMV1y|(4logMuROMLLkvXt4d=YMI!`4WMtfAkhyX=$fgPA#3CqdO}TBl5=N`D;j3zi z^_G%AcA!zy1U<_UkwZtLY#DP)GWb5&d#wz{v(z@L^OP9g-Om97IV??ki5IE9ovNRV(jJd@oubwz%jbp5Hh{lne;6#VvM)c9HeNZFn)y2G)HUURMpJJgdY z<{DCjU4U5;%-O z1Y1!?mmm7m`CoQCqkx}ceBSmw!3zyvR7RP*_JgddCb(?_zXj-QHTvyVmPTtH{6u2X zBF=_ybkIr;^CXW#oqRTlTf2%_2UTNCAWjKE#p)Y~(hehf3!6&scXJuZ>BR)$^5DHP z!|I84E2HX0EGw#FER=~~SMV3TQ+H<{ZY3Yt+pEGhAj~Td^S#bsKBlMImO;G*yZt;O zyREtv?Sx(=UxGK4r9uc?4S^-?Mt0$*#iLiTygviRCx51BU67_3Zp>HcHvHChz2qHm zoOSvJcm&e;O9nsy2bSAyYnw;LB}UD~=1}p_Uf(Osl5bYELh#slUT=B@y|jJ=>y=NU zt!ty$hbQ(}fK|qIyMF;Hh~wk?_iFwCKH1yc0Br!N$?i|-X(z*Pu~gX9+OGZRKG0z# z&Ze#_Vq~zgdKb9I4bX?2z(p;9VPlNE+y%f6CR6(HvSqy@DFqZG!(O%Kco+AoZ? 
zrIrNjmhtj#>Gjc*iQ+HEP0`v;k`hE3dZM8B1~WOo?a4E*sf@2o%!L-Nm{3!xogM=;ts&kVVJM4h9WW6Ik;daiYGxUmHhWTR2J%?Sx9>W|$XKc*gPZ!)gDp*Jb6q zoLCyq6thhO3%zs~+49X$=HDnya!}RwN~m%a`%>f&lqvo;tjRSNL{m;AYDwM>tRAdp z;jVSauPn_vyTjEA$c>Z#*vQS^2OFsSHP>m#ZmiQomX_Q~$w9p)-am%FQ5Mm>!DMVD z3gDO|n7d!Y0OKuaRJ;avg_Wx=To}I3}zcnIF~(Vgm2s8Unx8G9Sj%upf5m z=nSg@5YL;b*+CsRDy;$*uXAizs`vv0bgpV}@#y&kL>&pfwfW(f5no>N81bojEJPiX zeQ@K%^oNJLJ^k+TyCl~Kf7oXZ7ldelOnJE&bPQN0q^4THpzXB z=_Qyx0#(|aGiH=H?s~$zIE8sU2>X6Fd^@eUa4Z{QW78jc`Jb}jjP8N)l;yyh#0{nf26gFG8%6A3yr(?;zS?7kG zgHHQ8@<`E%cxgNq9m$ow@{6A~jeyxS0ra(4Fsjn5Y+sF!218!0?J02D^!ZjtF_9*d z+q6jQC3AhDc(j!0l28qXr|IsB@P&-sK!+;DjK#phLQbMkQRYOk&?MumwmFsMMX?i~ zq1BifcgmAztt+CWa{^Qs7PH@JJqDC1Wkm2}o`za00?r`%nfAt`?xo1K=M@phB|4T% z%ht|C1V-!lxq8!maoy0#3f9NU8W7=fo|$1Vi65(sK+W%S#Sp96=*ehZUg?ziex+w1 zwg5331(lVz%@3A8U>XA8$-RF%Q3Q>S%V`Wowk)rE%^KE=WemzD4U0c2GwOiZJ3HCE zg4kumThU%V-2ddQ)VsSdFh#$kXt(JdYd(!Hrn8xVZz{m}mQe|A!#dZB7hp~KZ;>-)Z zOb~cyeyNEs34hA~QEzwMd%fxM*`h7i&a(>}aN6Gwj=&322=s>{zjjRE>T-uZNq@DM;e=m$T5Fao9{#! 
zJd?Ta$H?0~RaAdc%IR7?&qnm;=u8f>^TP{MV`^+V5+3aH$?)QE!;#kA>}|@$j#6v< zGou}DcEV<`Do&;ZvCw6{%(HR>(+QRvcdYR#$8FX0-|#duhn8b_k_p6Lo)~=!zQ^B_ zX_o4A*n?NzUbEg5DP}x*?@^t$Mf9anY!9X|_)dRIySj7dBbqS%DXk~)4*Y*oVZ)Tp zvpAq`S%jCgHqx)99U&KP}_fOHIrLKF{JTjbF&}Fc4kKx5-hMIog zJ>Q-`I`z*Ndkuc|^!Mvg$=KD>(BaAhJiaX*d1AxO%-8Mp)<%zAX{rd6R%dXSM3v0bVM+G=;B|S-cjb$;=WX3PfxzC zeq3Llug(ok7eo`)Cc}wKm~9z8@yA$w#g=xaf3qQrpPCXDU`3z%)BeWFUN`%b3jIQh zGBv&1I5y%~$jIKuvm+9?YJDt(ngEs?`__AUtz=tu_YO@-W?_n7!))tnz5eXAH~`NO z=gK|eZ*=h)i`pM+_w4L488RPl$!65@Vm0p9C%10^>TM2-4z)-bt67QMd5D@?EBa+F zrZ5HbVQ_U7eC#~Vylwp|k!&r|z(jPC!)GHu;=^F`6+<=H<_fd$antSfQGE6`vz~4F zCzdf;Ux{lF@ff{ROfkd6*YO3Mx4fncc^7NYJBgvm;CcYFMQ)jU(EL4dRMiS<1Mhx- zpMhG=cX8ELP#YJ_ zH&-v!cgVTf5gsuCmiIG)8g0snay%l1zgiqWn-D1eSn#3K;NG2IY|umy)FtD_TmA|` zhNX7mCSo5|j5~{z@y*t@Z7HMz_Re2gl&S2K9%o|-2<5ucW^v)roAxTwvAS(zKxlg= z&;0W{`thel(!zLeC1NThYf3>#oS8J0Hi-Ld$1%2`(*7rE;lNyy?xjfe!OLqWFn4*X zy|((Ii!o4{c`+($JERsn1IXm{DAl*`PJ%&JF`gR(3BDiQinH}IcTrd`R%)uz%0$dV zmEySV8lQ5;5=1A3b=Yko(zS84yksjhhE-}qS7)p#qq^e=G2U*wli1P0$-~!6<8ANc z0)7b}OJ+p&+Wg1r^flvqK{XU#Z3b%XjO8oDl;_ioJN9NE z_d6_S)HXNPiEIad`tbYB%3!z5+m9oewyZy1@(axFlfJ&NjVv-?Bs$A?nkAmOzVKVE z{4N2yjG(%1Q8S+@jcho~vLn>n+Ug0B0IxM|l#*Ew6B%R!q-F4%I@wPNKheTq^d^|4 z#|icwN`D&uCQo?(+wmsXp+{tF1VafRKUbu-=9>7~>Q-Zi9&b3)Hd2~ndC(a9!Q1gW z!}Kk%yDAbkrtmvb2_*WLf6S3%pl)Woq83mW4$Gvd(Tbj1q(Hyhh=ibt%i*4TY`mf>Ki7asHq&9Te-Wa&tRFF2}a;PfBb|t6xk(O zmD=AGzqb;KX&NS`5GKq8;_;Q(|9n*?xgJRyD00UN6{N2_^VOSUl0jeN;PsB+166_g;FV; z$of=iXgtzc87!0AXRl8k`mtLJAU2L@_PA?JKs3V_dKal$oJy?x?G8N^x+)e>218ba zYXqSUZ|6}QlH5EF+P+&3`I6TD}J zyQdY)nF)APK*(j#vV{SEatc(KhD{V_Gor`d4gov)mAk7oikPaWMuye+lKJ9;4>j`4 zmup$ZA&-HC%Gh@95`>7HR5{al(55~^Ur$%@T0|!3NuZl6+ge65BOWd)^tOMo;Z+fj z)xb`J9~utDMfw`KAO3wW$IDv8vtAF8Tf$c~8`(PywR{H<$4zP9GumX3K%;}i2y}kR zo0I9CtfWSeag9eBLgGaK+cN7bfDGh1ia-aW6ljXk?kZDi-j7g^lxFBJr}Xc^2FA{d z_&k{P190wr!asR7?(%c z)=a}`Bu4CAk#uBIH_h>XnU^$`ok6#v5Eh~ZZw{BPQw!3aCYYc%a&oUS16?>znkMpV zHz^v$ZMPR-rc4(YCo~i`o8Zb|5~Zz0x9J)shHfEVI&V8-vpwH*dUqs@nlN`j6#6vY 
z1mX)z!S|c?2-Uox*jGC8vTi}6IPt8F*+l-V!_Bc z$w7fTYws#RyP~_dEiIQMy^-kw7|iG8?C~x-%M4St^-&$ufO7Ah`j{I;iBTuSI6PUK zVaz3L&zcuqks)s7ge(h3WuXlZH<4H++&F#X3z_U@y7f;#-d2PTyxCB#qSwz#uhbfJ z*Ypg>!ZJ-2bYr{N&9T0ZW8xakmVU%=QFx3Nm;hnh11#uteX6B-sBq6wz?+&Nz-Y$a zf#f?jln42m3{w$=VOOU;bmlv87(X)FzoeyRcSWk4K6&_Z$zbk)99 z&D3Qveq}>eTevejun4leD2En}>iN$!zRM3-nGSpYG5UT5fyectAhC zS_R=~2~5Bb&I|#3QTEFRuQ$$glcp$!a#qBe&#S9R5O6cjLvxG{%X z6Hq#7U5we7$z~KlPa+P=NmA{6fh`BhNpZu6g|bEQ0SmptWkVAo$eCdM(!>{_CNYHz zL-whDq}H=%-hb83EYJITLG0N$DZg0X;g7y84~ft_(`XEhMNdSW@2Kiw*}H%4_&*Ev z9G`y|>NRDr(crV`Gi@N4ekZ|N)}9w4cSjOoWET4S5kj%T3+<}h#el!;A{O}-rJ+Et z^2rnV2~vEXK<@ZK|9G1PtN4OLdXm}y?TnzjrX8Y=!_h#_sgN^it4x)iCQSZzC zYVds%!t&F@{|FL^0)*L@J-G!W*bnXbNn8>>&=p^_b~Mz+?-#*U0?Hh0A8+)jmVYH5 zY?9}9m(WT|Vu5*^7%NhI&b$8QvCsKlznbF>4xxbUZOQt+;!QN#u&=s?_tv8uSChH* zAcY5SP_x3uT)^r-X;L*~O#t8ob#$<%Q03|V<0Z(Kx0u8_gZN$0rze{qWI%7v3`jZJ z?r|Jn)ef1gXj0$Rotqp;5HPSPJSngBB2iBk{y?5gOcXncrnQ|&!f**3=1|F&VlI9_ zLl`LDT3@B7`d~=;|CB+3yEux7h|sB+N2v!w!W87fW|mphH5iE6LDht)l{W-u&e5K{ z7A1R>)kxbbz`mFg8M?pBK^fhPOk5en>c$ z%UBqbyc7(tuBPS=OH(O9S*o`XZMnzT&@~?~!Zm82c(hdbeB~(hYIHaw?kNOn##)wI z&ZuM~i21WAFZR+zp0OuPM#AL3<^mxX$?4{P{(8{Kl@dM)FpOx22GgW(etAcxLUIJ% zVT6m->1=JvhryY8e_1Gear<<_;98Q+(RH=xJKGp0)6n!jQ--#aAL#M@&x-%xT38uk zD5*DKMq6e8VrS{fy_O}f#~q|S%I+E;p{NtI;jCmjJsIz_qSw!nuG09JymA><>;FVO zxxt_;%JUlqssZm-S&+=_p-a>F5yAs+Yg2Osl~OP(G*3EnHd(FqH1?3smaKbc9N^GHs`-e_>yli+hOer zZjI=BlV;_?W41zfGh>ZTyVRejI#HIf$)HhPi<4!9oM${2d5W%eeIhN=xAnvsqDXFK z%I5YK1gQ~dV+(KC#*Lr$max2KxS34j#)D2q`|k_Oak%*qa`3B<_5dw>fD8J5UGLj> zc6VRE^R7g%{rAKp_d*6xf3wgt+iDd_RF8Si^vvh0I+Oh#ok38fr3rX%a15g)0qXrm z1JVnXqE{rjXw0jy7I0B9c^)j3l}SPmXu%Dw%O#y7=*|OTE%nhgrmv@)2nU8!c|g!3 z&}D3NZa#;%WHK(}&4CzAjNf{o|3;xjsKhIxKl)AP2**XEtw9G$ooGHOs>2$}xE@E? 
znuN?eTX2VL#R!Ps&37vw01bTVo8LG}H5->~@c&qeMY|?QeT#p~2wN$yTR&B&9g2iS z2R>|0OX;owt3cVQDWED$*rdQCj^p~LfDh`}Xuw??HzO_3R6uTz4rueKW{~e3&ei6# z%vfwr(douIn?*%j5(g)WrulCHA3hllOA-6Fm{w2RjDSpDqz)HKF6U0+7}7bGum@@~ z5Rc6&#Bsdro9+49{I^ub;-_L4D{8G5R2Q=^6cHYr4eFR*o0BtXZ4G%fkygssLx-zz zswF=uzLgnxt8k3Uq+uUSk501jxlf{7p6mYMSWm)*9)F3lrQSg!zLJg6OG(JC-*K}x zD^%X-&Ov1OxRc2Bip$HXWk?uHijwtDVG#mXRqw>};aa|*&lSwJJiQK=@lPlLYyqsk zOuV!0G&|jf_}$o0SYD0Q7DQcWJ&D%a)rt*o>^=mZs2Jj+uwFx1Hy?>hSj=30xdgTg z#}M5pfUQCR(-8soJ0ocZ!zC%jC;s3Hd=w@KW3Qj_2|T(597}V&Kh7w1@}@P+Y@|_D z2f(OV@!kmVCRp8z#mesXa&5bKz9ImLuWy&|UTr^aKQhvpMp_oaAnjOT=2Vc%I`(MV zO*PW6_qZ_0f?O90l+G`dfpvZ-AXTVe+0EJ8hJveuTAaQ%%?xKjGN{2sBL5UN%{XD1 z=Wg{l#*}7~vrh4lOq@bEPAg>^7PdaLMUj5T!?X1C05(mO*osTC!*um|96ToRsn}wge8b5EfFVA#uWkW#6Y^%hrJeL7~FVExw!G4 z3f~55e9T3{>FRgu)p~=fiw#3`rk;OhUe}3BSIjZrHm4=`vd_}LV`0X?^}MFWTG;A9 zwl6_6G6L!IN2kvG(M*O9%O2wUfz0oHR;7~%0!cD0ov^8<6~1^@hSEN_Nh8#5C^V{9 zJJ0n_nc19)px5`@pLsu@ai3Vx1~ei}G*fhks~J`@3OHiUsr3+70{%5b zKUK`jFJRxwL1%4JvI0ezsOG4dGK)O3^G70MjEfU=UT+T6o4r**h=z1%C+ig6Musv zi9F` zt>6`)rE4h0-zd{?D|MUQ#V1N%b-xg!E?t}urc0k)qOLxVR0}I7czHgC7DE#BskZL0J6F6 zy-~!kKf`wsYO6=cXI3PJ;xp}g30g zsR7E#G$VXfqmX7UW7y&@WQycjN&#R{#3>cm695JU90mOk1_e$7?ZI`bwMSV2)IW%# zoaCJ%;1#FM0Fq}Y%9z2;ZGgNx#0L=Yk^k8a_4E8SIyaBQjHNiIJHiI|!s&eJ1b ztL+m1xj|jE#n@)PZO<6}R6l*KX-r-6RC$NVYag8myxA|ed09hFvv+Y+;~j)M@&Xby zShjfz24&{wY70}TPjzrKsp!vDA9}q4pJTWije~1tGXr0rEuTKvPCUHT))P)9yT-+Hhov!DW$)E$K_@y@6wGRDA%eIqUvtvdGa4! 
z<2>izl}|574` zYCd^}@!49K1R^0w2a+>vMs>=~NjocIbVQIohBIxCm(EEi_T%>?q9(b?{ZMmn z^hpIZm7h`3-vRbPa<+}NOc4YQ;-^DDl*;`;!-3C8yImKrN6P%mQy;3I)ofFi<*2Hf zJUIO!W9q=f(X|%ty-W@%S6$(0aodf8qOC#dwk)E@*=vwfb5T5%e}q>}Q5}l#b@_f8 zL>u`qY`=tqJMi{BvcQ-w7peSRBMs+$bYdwvnQOV|tXDd!lxWH`7$Lny#v_b|?z(cm z39`8bxEf%XP5ZvxJ@gPU;Q6!MCi=P5k_U$g8NPTN>xVhg0)m)pAylvVHAiPUOE;9~L$G>F8fG^3gIJxWJzphD)$28w=l3O( zi2*i5%laVAs&bqqL&#=zD~_^Z%?Sb8N95qMAkE7>G_JB?z+fUki<M8G)p?4_r>a za$z7vI%yZyi{jeG^yc@>7_q#n6O6SJG1rNptrJw|N{HGh*PPv2bU%|r@WvTp+^iLsj4pO2LDyn;W~^jhh>*cT=-H$S_8FRBu0PuqSWfb4mFLBdr&mayRBx3Q}`i zBhiA=|3nn$+pek9zoAz{NL2I_^Z?_~(c(p?KUPAJDM$RRHgBCl!hIy_=<95OkNv}} zMNnCVT0f`?3j5dhGBlE9iGTeHXgXp#5Isq4dx3fG>fpsu5oI!$f4ZRfAt+z{F zF~{Ll$qps$^5E+5=d)uaW_`jS!6s~hv7Vo*6^__R%t^}2haxQtAZqDJYJ_2`}RF!)6thV%dso}fAUMZ~B z?zLa#6lR{JF|tNf;$|p#ll1nj*(n5*0z`-1E~hCHB8v-ZL9b2djw3C2ke%r8_A6-8 z6}ab#AA)@*iqQxeecC|4}V40D%SpB|x+#jqt`A8yj6WKXp-Cmnl<5NBl!J|J^ z>#F+k76fopGlA<8Nq}mN55~x5 zJJ?wB^^bH7UlWdVEY^hBj~)WyVRpVthIFd?fMd7}nV_mX6z|1dB>j+qc~yx+X}?sa zzcj!>KjFjza?&Emn7pm7C=8%XlwrSBhCKha@Tr$|fP$+mBZ|85yo3)N(jYja?vBl$ zSZ3T|&X|u+>YUYhG_U!@@6J;zm@(qxO!0WcdYbw++Pej^W)2HCbwwDP0}FXix^`1} zM7nlYd9*(NBNr3#p5q(CQ+ULScUhViF1JuTgBypFtI()7125Qe19)?ozVWr-)wVrj zE^Etwrq;4vLa3rgg1f zzFzt2ma{S$!=>2kk7F6u-qj3L229CiI!7lIwZ6_C!dp_0vzjnS$JDj9j zNbpld0-#E*?K}0!yu@M;m7l1+FBiC49}|njr+DwNmRS=Avd)*7K8e^xWNDncr28E1n_bcwp_PE=j+oNBtt_llM z>9=XXQK)~gtFVhpF!m)5MYnLb4kxkBs9eUuv^g-+6?I?`r%29zv^MVXnpDPmFVFjZ z59Eu!G&TopVEU;-t9v>1K165-oi;G8Vcr)gRv)*WXzMdGg~CezS!61)O;uzRKlm0w z-o%jAZ3vT4?GQqQ6)S{C^n2U@BIlwW+R!i|d~8L-5W>}4O1U7-cFczmCBeW=j9KuT z2QQIW9;%4*zyanJXni;w@g2}%0X&RwA-YI>UWHAR=#NNqw@N4T-Bu*8v0~F)h9bk< z`u)_o+hPgDRrk`=c0b4tlzgLorqX5S<9Z|Ok&sX@F((|I-HIw!2-Dt@m7aHJ>`lWg zR64^z8aZEIpOD)>2@0h6l`fAVg67!ZT41bRK=_xI??AlnfXB;0VDCD+p|7I7pvSIV zw9rQ*rS0yVFG!?~K_2@yNY;s8c^58Q-&n28oPL+5UT1H2 z#QC6654mNiN5M42ZRT2_%Od=BSSep0=R6?VG2na6PI-^KZvi77K~|oRsTX|#@I}i9 z$hr3F6#_8vz_7G}jWVz-C7bmkbwi7fQl(U!1p;QZ%7inp~z&rz{U;Mt&7pN`Kz*ta)o 
zA!x`Xakwc?hq}?#FH{>QLpuh6JhxlijMh%0EuAXM=H|w=cCG>#hD`4xEQ4yOXM8s2 z`-5xilctii2dX2uz7ZM}>8Nd6V|dCys>jB=VIpgoAu*}=e(R21WN6R$_0tt$(oN78 zH6BED~~)&um$firW|{rpV5{v z^>Nn^UHz1j#uKp-BYg>iLavq~Da;ys4ss$aN?vA&dr0#mMq{Cwftet^mbr67Yu$7z z6T{pW4gHhey zdBcYO#-A_vX!KunI^lISE5UCw&~bgeJFLBy2!E;9(umd3UIHxYCyw#FrAMM-hNX>|V`%MXj++P72+N>mT>)DS9H98SlMH`Q&@*Mp$uTTa9jSgIJ9b8;y*7&Q_R@0yQ{ ztu^QyWnDEyy>1#w^WT7B`R~aVrI~OCP{-3(9|E>XQ;EsyXLa0``iz@;A`8uZtUDLS ztvW#HN@A3&uLbrRsfy=C=W#p*Z-u6r7MaMI zCK?3+_rVe1dF@cm4^|0IjDVsPjl^sgOtLF3vNU))cy(EHkYIC}%)W_RrlxEA#eC4) zOuMIen2|Q$M~x#FkIoiNnxCRcPe%? z-s7duFV6&SQ6+rFxojbZ-qSY~_Wo06l)wFl^-fuEW0pB=oI>i#m6w&%ebBC!>uk#9 zcjgGJ*_8QprEc{W!r;eg_$I$WniD~zqNU99w_p6w>Uk4G&-r?>ZnlPubWl5HeS-x;Mxy@$=~w7ylY9)uR?#dIpkv zVY2t5^%EAqYGirF(vb#r)5`u%ZXe(Kx&6UD5U=m}$C1QnHlMgMKdb{`o#$?>b#db+$A--w~u!4P}Z^*VatXaFAmkWzLMR5XS*R>gis+F5K z3Uyktvq*(#xj3XOwN?xoF6XP5%m$pn&z7$^jy8c)glmr+Z%=TWwoIbWS|O4|M{-$| z@UftG)@Eh9r(Q%W+xp|-M>m-!57n-kTtz$TYbsRbq{(ea$>t8GLX@sn%>!m&wMjG* zLWSjUb({=k$5d@H0f@paV$T7LltK_LYV30M8?89VYgKxq<}+Sl59AW$7?-+WDI>5M zS;|jvr7C2nnc?oKYr(!3nnJRC%kSKTqL}EzgU~y8^7_)!wIj*7A99`?&H z*xRUWZau2!bl^IvNh%tOFEF@U=6_`-Hyd|2Cd3B-=7`b&kjVR^#Q|-&jabMNbNQWw zXV2Y=(@CqJUP0zL`uUy{gS>toFB6oILuCV#vYDGquN)c4-G(hp0WOxZf=fl`&-^u^ zp*8$CFwnGl*nBq7?2S#rA$dae7RkC2wrt5zB5A5e!ml#8go436nQ$sbS5d&xxq;_) z%#)@@n@g>Sc7DW1a?jazn_Es4|L}+qDuzAT`A;s$*4pVMOu?N zO;N!sbZOKbOFMsh+6d_EnuCfVAhZ6r)FdIxC}S&V2p~2Yi#Va-(G`pah)uSy|BX!w zT_*2$?fnGACc$Rpy)cwn_q00nclOs<@~utVFS97Uq(F(Z)S-NPIGG1X7!Sx-S0y)M z#bn2amxojcm>J&jno7~tP?U|FsDAbVgHoEKFAjd!CpccyzsU57P(j(Tg$pVzTs>g3 z^U`~%d5U@BO4zvR%M`@uF;4BK^jrZ<<&|%6TEVoXaDm5zVI5nRS1XW{hQkLp`^S;D z0E2OOcx^SA(}VABP0jST$aGG&rn2~j;ptboX+a0jv_0)vz z#KeAOvZehVzAs665U6Bga5vztAX>9s%p?7}R`?8b5yfqk+K@byC7P_tse8Y_Mkj^6 zRV&p-l{J9WSgsn zNbCsmUApF!k!xW3_wGq9-!B#$s{q4ZCi*+m%$~(UO7ta0g&LDJ6q3?Mz66lZkOf+6 zr_;^~c*FdhC(s)lN`KJ-c0^?}ZbI$*dm-jtF!f`zKto>$fF2Ij-uY(wVv(Or%;v)v zd{_6;1Fw7s8z2^2q|OI-_ao8<)a{)cX%rOdJFp3NmZX*d8Xv5*14%JN|2M?KRiiaq%U4P5Q;^dkZ#E 
zDT99gbs&?wxO0#lSbTYiICGGkZ}$B7r`W&wC|~_~EE;RTjIhbw08z#EYz8OxCd4pT zD-N8EFd?sQ9E2+Y5~tC>HSK46Ei96A7=D^Tf!^Sp_t|jX=|yLV%!Nb-=b9C3QpHLz zZ%r#?MYmH(!VvKWky|kGnp8J_R$dGl9aIRy{wljc_Ip`YL*gYBlh5=;JS+q@6jIQr zD)?fjgH}HcOr@}#Qzr6?V@)+7C}Q`XFnPC@wqc^D-`s9?d^Xu|uj(<@UXrq531xB- z=jMp1EOAF?f2Vr#LA!U)O(6DP{BVd>K~hL#l(Mm*s!w|l8}l(YeIL2 zmniLucsclIG*o}^$oG#x0DuI@*|?w+NRI#U<0xO$N!S2V8sX^?TQXH~qz`EC zRx?gkD_6L@Bi0#1I9BtxnGAaDc?ukgTWR_Q)p!zHpyBqW)-NhM}n;&ojg#dCow2TKFfGMDpAm zV>eYMPmygTGcMH*#E^(;RCkz!wZ{JG8e{Wb{LSCg2M{~F@ELVwm5kcDutr*}O(1r> z`L=Y=LWZ2~I1f$HXo}qjW7VJBlYRbjD)+ac-7UTd_cY0J1?28bFa2wz(-ooT_NE(N zq#E}{#hF3#0)gQ1>JPv2Tc+-9mt>XEzzA-AQ40c;@A*}GacsQtOU!uvedrgs?O`#(5VqZkW zX4fttDY0l``7UCm)~Fr+$&p1Z7NUrGqiGD$gnrd%@>YFe2cd+NDEAHSlHq-DEo!3h zZHwY?@>~9kp+qe**X2coR#A4GR;`vPCQHMGvL@tbr|xoO#!*FiS{+%+v4WO(J)xNj zRv9m7n)bZ*?sW92iy-hl8jw#W-9g*ogf7ggG~wTC2}GjY0%JxISjKD)#IZPsdqpnx z3!Lm0xLHjIvYItrK=UR*!+nny`a5=(8v8{W`d zOzP5l$kg-+@$@tOM6g&%hC=qvTGI)5>fkN9wF#k(C-3tw)G1QfkoW}x;h^2fjwi=j4v7WO=cT*o%l_7*f1X6EX;l7vzBEvNwJC)1=My*RAi%ErUBvM3fcEwCrl zR?Aix(<H0SQg7Ulj8DEZUUQRDG4s5U%aSNdT34ZHTl z>Bp={R9B`0DcjeBYlbTY6yOyQ;;;R!sNYe>%#6?HdM&HLu3W^?tj!*qr%K(fB4K;u z*t6l+C6qQcEwSB-Bi2OpILZ~MP|0&*CkB}f+=nDwYx&=(VZJ%EL-WxH+fv2A|_2YNIm%Iw;g*>_bH$hYQZ25d21jv|nW9!z*c^q!i zilaTiKawPNcfg7XDMAi1?h?m;E+OS2CSbiDlEM>l4=CQ>84nUCqvA-YAFF}@Fn; zW2)0%(>;o5AxDtNP+-aPMk9uZwoefz`S2Z{n4%P5%0Ycl{MASnAOGSWW_1=-Rv0NC z?BNEO-?qcli?Q8M zM_bOnxrgtiFMxYENCUXXwZ&iVF`xqfmwQauz)v=^*Z#vjVy*w-9$d};#XWS{*#6-j zbav`F!@uGGa*vMrcv_ubTVk)=_MvjqfbuUG1&*T$*}37Dad4&MLt?Fv>H#ozz5srW zI1rHR^#4c?;hp~%>2b;pkRI$|O!kya$n)g~YswN2xUCxo6yXep*^oSCL9%jMfjdSfWHR*bS zv-fz6oCw#$Ey&kM6lXg{WN(Mj1EE;Zd9dw2j+hg<-W6M+pJa#h0u^?5DU2Qhrkg_z zh7*vFR-h{%h4O_r%Kx6*RSn&xIiQA35FFAsNBaOPp@9kvnegld%cu`oD)}zD?~UTz zpfBYb?Ly0kU|zMiu7XSb@^Y*cPDJVKccJid+XA2-CZ8=&ta}4b0P1l&DDZ*XL1$OD z+eU*rS$r&7k&KV1ATolbdX|eO9goR04&tpw&>#H2Qx5`+c@9~X4yW029_YwussTL5 zVW4xg-Pm@uHs}lSdhWsq#O2{2G0GArN+2*S6$k@bI*aS#ex#+!wJ++l>+V4OE8qS_ 
zl#{AZrr49bD<|8qeH8vA?+XMq!CBbrEC`kZkBkk>jp3I+ri~ovLDP75(d1ie-C%s3 zLu7dmYRk^;X@N*C=zT++?6f;2iDg@CGvBO|2Ln6~dt8{w)UM}Npiz_^%5mM9b);Bn zQD2VEH&ku;+B_d!nyGWsHOA0*8^>>I6vvrhq~0qtAWMo=VMTtB#KF2@3aRHrAz0%n za*@13AzM-lG|op;Z+DGR(Mu#$i*noX%7_xm_T2EWInl~>mjTtx5&PjacX>NEZPN(S zxJ=o$In=&lq6|AuD3cOsgdOC;7%cYKoiEj07eQPyIH3iDbj7j(v0jU1IoMYwr zV!TAFsow#d^1NF3f3B!*7~6erv_|o+VESACnh}@c2qL81-q&)_+W0=AxN#pnKewAc zs8;(c-dmIUD(irag7O1mbyr4O#uQ{gtN_j)Ujzo`nYXjF(WuF{^d|NTybXL6kqRo? zG98uda{J$~!+7N1u%q}8&W`)Qmd)(K2LL_{tV*{0Dc#5|U<2t^B4fX3 zWhG+!rbC?iBh1|yW3cGXlQgB!mg`XsF?-Vqkv*vT;AYY5EzmSOYhRR2FS~Y`SZ$RQ z+Z+)r!wH9zAHtboyWtYderC#64cFRz>_B;8a2-H97W@B2JB}j@MJA@30sTqmPWok9 zL#r40P&yLlfC>$;0%v(pPXR~s8r};?`!!H@YXI#adjn;^1jcy;Lhu3#M3S2Fn{-@4(K>Ck5wbRaJ ziY$IredC46M!Z$r@ws z;a}Vl?7?8(nrf12`OuZBQEzMsld(m93^MS@; zhSf)TXjYVv&1+IfCI9FTfb-alI0f*JXw51zLGOsL&>r>LFxq6AUffSviXDJV{xwOW zs^|92(!G@DhSS~!eqbX+d5YI1LZKsNkc4FaS74QKzIU<0fRe~}d!S;mfs4i8ovjCp zzc03%z1Shzi@4F;IpA=ps^fTu^#abK<`wZgauxa8xHnw518+p|J{+4%0-Jlag{(zM zv4H``N$FT8GrcP7*PNwA?{?I#OKqyTy=5 z^KX#ZpA0{xOwA?0VoA3v3>UiN?}!$=;de^^wLK z%c1DnEPT^qn+ex}!B&RMOGcrK9h@0}0&^ zxt-9X2yLu_fAH&dJ>MoqX)(!7Ybu^C^rJrCbDL4VXMT`OS&ZuAxx*uh0@v?D-t9h# z)p<)yFWfL9s;bmL(esp(RCI64jB)aC70Ie_HW0Ly^V()vcD(r~A~n%+hfc-l>Ac&e z0cP_54e~f_*yuNiBo}qoiDIgRgj8C&8^X*>wsHOeqjMT=2t7}6jTo(TtXwmE(>4{nk z(sL@(oMSY%i5@DUOtt1E&QQQ5rKvmY4BJKmsl)YyswmK6NZMya4SncPP;7VWgaNhDohCW#b^!%g~;_h)WJ7rkz{nssv0C?A2u0u7IusB^!@<0*JS?; z;Egyq)D-4Zw1xz?!|hgZVx=)&1qCs<++r>5W}u%u7frobE9b|^4Sc&LpgxQS&j8jA zlbnelLwQvY9Ocl$t9C&QUcIMkGv5*mE0DJh5^DD&nV=;IZQ(E6!m~bYN21gV{OHlt z4W#YW%)w2)OHZK8MaguGJ58DmlWSk@X96p9Ol2}-%bGwx5R#|WlJ|nrJfd6Lfv>-N zVW4g$yC&G0(4p)ic0Fn=RI?R1qWwnWmj7olU%kh@H_UR~@D4&>z4*ESHTfl z5^lI)GSqfjjxN0H1AcK%09!rB-{iI19K}FAyay>PJryPBJoa~ z{QSiH+EAgnEDf-c+?vaDR<%WEm`yxN?eVyAAk`ncu91(;v52xVZ5SRy<;?ku(S_#I zR`kf?$E_j_@BKKNxT^7yRiZ@C4He(myK}MB`N3}EuPV|5dqY~1N`b4d!)m1g`1w9* zEao3BnE=so#^fm6d#?98vv;R{xt5zJ@Vft|Y^0p~TDX;RQUD)i`{sX#9se>OV~%s9 zRjEO|WJ!SE7oQt(Ke&Hs$BL6fxqK|kP_i%Jl3DKUWS$DbKfR|bpCjLhg{-_V#xu 
zSVj`&2-^;A_sjHDCDbUUO7|rPB~UIG-}XuWL~!DQy;f>DA5+8q5F>mZ9Fq-Ybx!{> zOZIPOdy>i>V+p6D4$5Yrr&_j*^_l?}Wio2(E8^lYI(MZc4PwSia2LcLT&FHUTE|kO zDEP&GNQj(UVzSqcmsvrI77=cpU2CF0+A2&Mc^0~b&iD<})lHcAd%_8^BbcUwFgbV5 zJTFqz*bgE^e!7i3er8VvFzAYn7IUz|aMxDOuty)*`Y>(FM@%8AM@(v8Xn4I05|KvBk&WFQ0@~f6 z^zboN?&>wo^eBQ`6zW9u8zFD|Yeo?Ff&h;*yf}T3Z=&yVFudloZ#D+ze5}jc7cYK5 z`8->oVP5)$IM)G#Jo1GjzSqFDhIo#jVVqt(PePRd(oy+)(7})Wn(NJ;{rc}6Jhx7o z=6sqe3Ri+*0*sH?eIAX>UC7(`A!naNN-j02oPd1440do&zpS#s~9GgX$`o*n`5e&>hBX+W0WSFMgG@eDdf1itHoIbB|0X0gdp zIzD6x!Y0!{18U7AvA_;7+blk6{?;q>T4@II=5Y~h0D8l$<%tNZ&UTYNFUQ4a_b3*n zRN_&WMWwrb)=X=?@>-{bFOJ}>D?R@sE)$i@=>jojR zMOvyeYB=1UK}i`~#XoZve)E9|xB8@G$Gy;qvpK)STwVT;^@6xap)mwUC%Jq%tD7SX zHjjv&rB`CL+6IXQn~?;-l+bVmSe^k)3C-bOQ<8Ng`sx5MB@Hd+87oXI=vet=-p3w{ z)JYmYmXl>$oH|9xCTuoKBEGxB4I>>Bb>Wo2`wT|&`AnwYuiw#gE{HfIRJ~088r(az z?!~&TrErL^(hs}MajPCp)nQ%2?VG!3xhE8L9xr2Ujf8>E?mF7mr5Cz1&Mjj-r90F< z#>JI>#*!MB25e1HwV`|q729xGo_;MT_4F5nZm%KqaEEZPJVKve84sbx+Ac3(nhFU8$D&GHW877R5;*m8LUKr>opf-AhcXGo0qz&yXZ6G`y?|#eU>! 
zF?#N*pTwWlHSr!RUSd%ar^s`ERB~KU+{p)c(Ir377A`Ov%CH z|G|`ak394Kmno5^6JGm2m=ZE9fGLSa0hp4XKCm-Td6zvS5|{Hj-fEj zes^k5BtshO)ik4YXf|16M-qoQAJW5-(L$3(n|6?aQe}oD?#Y`f`9&+g@K%v>RPRhj zjWyS7lLam7IP;U-AZmqV^N#hBBF zI+m)cS-g#K@GWuegowvdpHWk9SfPoxW&7-qoU7^Ezfg(XrR(Z0XNqZcpc;_!AeamI zoD6okrcOhjoVsLTOaaG3@LpJkS&5mfX_8rpVQwdTpy!ZRwIH+!G&#yQ#pv%$mLX&3 zk`l`U*Q0+fN)CS7o~Ll_;#aC^+Yefd_*rT7HS_8u+j*&mFAMhi;DvyTpc;=zS3WX& zcM#9(tO1f7|^)vbGT7Zc`q_^?mm}HU8{GrQ-f|~3!&m2Q* zw?x=no$kRns{-hUcXCQ-ZlJH%k}`D)b%{<7f@q31VD`0^S5-4HQK#U5TY@#LRx@CM zokv6Wpnh6?2C8jhx~--26P|kfqZehdcUT$hJb?OgvHNRu9*R;uK&1X_8ej&n1Qm6( zFFvf?5&M9&hZ6N<@z>zgK~8$=j6*eb=lqgk2;p^a8D`n3)6p2 zGUc`a4eA+CiFy{pYvnNW7@X%sy^OJH`Vwki6>^{)bQ(^SfI}LSaN+Q+y#YoKHzWM6 zRKVt6#kMob+Yd+M+w|TU@ov}_wX5c9J-PJ!+S#!WtBfPq*H^Wts7erluOFtXRLquZ zjF5mAvJaQ89nPkFr<7+~A^zVR2n#b4_M)FdC9sq?1BtcIZZ0t-n22bpuVm7vh#}%k zuA+3uyMB6Jhu;@2GFxyqHj3JBVzs+NEiuY>d%mw!94^t!j6uitbfimqZq<3s^mK&i zZlVzbFwWKNIoNbE&E1a^-1|LGT@8VhOU31+b>dz@QRb6hYFnBY5NTSiPy<$&tH(ws zmAP$nVYy}@1sbFKRH7^B(#`|EjXYhsKTPYJyoreCcg=&!MxQuq{jACu1F0$9_EFNnrM>mSXW z8}&=yAi-VZp|)t%HcUJ8E#{_5sLiEZN0I*arVtPtz5xr5MW`Xk(3&6rKYg8Ja3)>U zu4CIaCZ5=~ZQFJ-v28!GZEIrN&cv7`ljMnY^1a`w^Ye7o?!DIPKV4n5yJ~me>$+8g z*~@2i7BQ6(_HE#ltPD(fPKox2lV znl=Xrb#&WMt2W2MaY1WL{k4H~dL@$xL4ad1D?gI}gZOU5Bw^0{d^-t27Oo|O^^Iw1 z!2b`^QsM9)rbQWs6UST+1DSf9y&!z{jzMo)G1)HkFcy;U{ch>%7?*pFMUQBpmV!RF zfJ5@w{DL8>^wM1X9;c@NKammQIs=LeP~CaRKle8Fyx7#G1TKkQ_04ebC<$gAJm@Uj zv9zp-L1Gpwchlp4`Rt~nGGiDG9dqM^y168(sj78uD~IMF&kcsL4T4vX1auOr%|;&5 zo23(>hJmD1CuTHDWTrknKc^m-fe$7WpgX?*!(#c}r>>B5BIiR;h)FIs4rlBGFi1W_o+I4?1)YsOlkS=32XF#v$T6T@`w*^daNP4IBI?Ibt$pW+cr5{Od{g(_`9j zKl}?{Mkggi&k?cMFRj_hL&g@qS7f@}kJEKN9Fuw}Y>|xZh0feagdL;c8&HTc#^4bS z3($tFG$PkBdTg+UYh%!tmn$dds&r87-LJ9Tc1}(QQ{UOW4;rPu_No*j)wZpV%m;_I z$;RANI(tdm&ePS^t8UnDo0UtfP3gQQyaXTM(f|GSqV|1%TDG}s0|cO z6AWS02HX1NJc_2{35_58H3~_x7m1}-6ZgPmmz+u|7B*Ao76Gh^rGGFb z>yT4DHrFMB&folFXfMSNt!0lhCtQpAin zD3Ct&kM$pTd=?4uS8sq{qq*abSN`)R=7qN)x)M}Naym(>@E(j~Vk1M|Mul<0NAsTd 
z?z>9I2h;qrwLCozBNz7mA}HMkMt;a~TQPl0d;4zKdyDR}`G_D%XER@z zciQtt8Ofp7Fcz0VKR^C{8&MhVQ+jS;NHN*EpxEot*_x?5uKezgFI`doctGH8d87_l z6*!*tIqA`!%VfRmyfe3_(OkVhnz%Egx_)Wwx=oV5Gr7`MpjVviIvu=_*pPQI;&=S4 zMhXRv`>y0>;~#hXtm*_ZG@mqFB%YSU zkPfptrd4qt{f!a5`$t(KUjbc_%EJQ*_)W!}7mQJ&qk*=Jogts@Qsyweg_XpIc1J%m z59zk#ymvegFxbzDk9!kw+dKdiK)WmUog`O4dsAKt&)HD#*&GnHJRI?l@4f#`8;0f= zyxl4g+BxsLDiIjZf6klmn`cCSFJP4R=NrC_haL0qbf~(gq3W}_&UdSAEjN%e3n+Mi z*7@($3xwAB9@#@v0?^qx-v)I`s_gLe_P)tM*0!Llb+ugx!w8alhd9)ve?&+9kWHxl z1|oEbe^`*lvp;fx*jQGg-9jF6Bum86;^fdmL8qqffs6I0!sY59xn_{F8b_a2_6=nG zr19+>(o#^8gD5yV(Ew*`ogp3zKCbBU-WC!FEHlnf`n}ideQyCN<=WXY5TZtno^($Y z7^QxEt{T8|6}NT4hw_Y`p2!N=+dqSH7iegw~N9|Lw zY8P9QdMtp~|L_9gWOyB8L2%hfL?dldpks!P%*}GXVn8505E%pdM$&T;51Y7y&2~N6 zgGIm-&rG}<33t*_zLk_3{S`7RAhuBByK$M|A&P7I>fo1GZD$r@_r`^E(TP_=SrFtx{gb=CLpitJ6}n(trXbN)x41pXhrV+Q}_we;VS>35N~^lANV?P2|p zCv|0ESR<`SMjf7YU1d>iDFi(3uA%(k1d}ir26yrqB`i?DIWiIADIN`U$At`TPKpL^` z5!2P+v_z5?rxG{?Vt;vcRFL&=8f^E~9JDL}T44?O;v<;|kpS9_ZZtd3#8^e!BKV&n z8NKsVO;al6rrt8%*HwwCE}j$RWEK@w2glrCvYayPeuX|}Zfb$UrpC17ig79pW5lFN zkAQRuWY|#Qv=gA(Vj8#Tm;Z49}UMvr=naPG;uxq*Z6+!t1RS&wt2n zF6fTI;$5z%4#6(oQdRYMB&FDx`UIL2PPipbb(^+2l}d%AQoS{;9I;V-Cq$rSrCjBJ zZf5Lx5%M}$k~(!+S{)N@jV*iiS-g^BY z!LtgrpCe=fQy=`uts!&xjS_8TN!6R_R+obx$UyJQ&B>N>cecH0gL?8mv6@GQ9yj{=dCk$sy zsi5PTP31N@U1@@CS^s5a&b^0Z_0hdH1%K3uRn%XJ&RMK+%Vq(e9U}hP_)oT9aJGk< zM%F+r3~Kn|FA=vEdVw5u=Pize>vXY@jbHs7?Xe90@UE)%U4ap57^kke?cfR8R12|w z4pUFIvarkk;i~ScS*W(Q(jeW0-*UpsNK-tVBg!SOX#a|wvj$mI6njYovEIYWs>a9o zdIfVsG4W;IzVGn6bRUyi;rZ)|&~Pn%_qMeW7+;^Z$lLdM$a$i{<4je3%l zH71+%)b_2R_&u#riY&KwPx06qXFlF!IMce^EgM4)*? 
zEz!70dFK-Bvb+i=VQwxive{@kS7HD8F;XLi>gc&+9X=2rwQ1Q76D>svHpfD+0KZ4b zm3}D8dzh=l=$InTp67(Dw~F;27I2u@`s@JCA@ZQ}7?`*I>2NPr)_Igk_2j0Y)rO8x zy`@9EdaTA$S)wNt6`~8p9!P&Iw(c#Vmy`^F5=-U~yywbLsbE=Gc3{%XU|e>5UKNkL z0NAG(vu?h<=N=BcSaQ-~2M5ptolJSk7YUQ3%HbTyq!5SqHPM5Md?kcQ9;*8t6h&`N zN-*ecFDgtSLl_ao>P!+FeiCT}kTczaM2;B3W58`~r38?~Gm^_NgkZ&$&5R)#pedCG zs~Kq&KD|P&W;SylsjG4gwhL|k`WLdsVB$z_r!J6I zqI_QzU4Plxyer#M#70s>8U^YMONm(M0P45f%e0r;BHlHc!Qk4hdd5{(|HUFK(clth zn=z2c7luDYw}$bp5SD(j?+ha5ZaTiHi?6u5hH>tgt$He5&(htS2wF#P3^J&sY&3zf21+t``K1b<;ghFQ*U$t!=WA53`guG^k ze8s04V|Ujt$j$j8HysH}Y6E=^?Jh(DA9rt!b_0E$`Sm4jWc#x-TORj^r^~*QCt?X5 zD|zN)8)K%~1V)$)Nx>xXPnu*1J=Ou#dOTOSZ0&gTB$n$acP$mjNQW+vWo5F`C=%n* ziL;=x0BV3j*CDY16TA7g#Q^ClH+&LfVlmV&3u3D(2!q3Row6y}AQARGSd>}B=o*|( z4GX%YC{JMxx4COGn-K}})AAr;{HBUGMVd32Wd&7q{7}89%|;x)#4u-R^?vU-wE!cZI@7qKGJ)|be+E*SgV8|g8X`)G z&$BYBi^qwA*=T|ma&x2$AC00qncUJWF9%s*%_Lz<1RPOIh73^)Q#4Tv@+1-PFC1}; zeJQe!#R&3dsQU|T;5=5x>Pa+7OZ_BC%Y@D|ZP+~4s)_3{$|gD_>Sii%H=3-4^3_q; zIP_7}I+Q~@1Tj_83ZCw^MTP>{N|QWKC3{(^B%-S|8;2=tC73E(!MnrzBWqp*Lw;A^ zxA(fAwdJ|){tGVy``=ZS+k%meE6&)wH{l`rt2Vcn)K&RcGS>w_;TV-^vp z;dP4hVk%M|nSvur`1d$lfuwv!)0Gznz9 zu2aUdRL!=!Q6B$dqf>XjPNsy2!~Un3E`>)Pi(nhHmnt;SL=o)u)Z=|s&q~!Ply|${ zDLD_A%}fkKIXh*g7{tv=5#0$-_9ejvdCo|;4iwn+8#jev{j(dRc>+XqyLZ@FLbY=q zM>*yxlMg=UohiTc?_auK+{#T!g{8$cTz?_U8!0h<`WlO+uo5xj0^ehk3bU+NyXGb4 zK&Ysm_FtH_h<*{V>UAEYN4!ij8L@A|aTV(;0SJjeeYDMWN}KmFaZ8&L=m^2jz;IKO znZuT-F3=YKa-4IvDSak*4NeKL5aTlZwqo2~)-$NLr({h$S+ZfQ%svQh6-THJKJ2g> z;a1Icg^OCno}mGUyT1RSV%tAM65M@!f`|q8l03>*qT;vmuUYyP#)5&LcCa-ac5%;^ z0Xq^E%0IQux?W}t?(m>fD(HbYQvez2Y?DBgi~{x~6*kum(inr40MeA;kb**QNBz^E zUoCA*yN}woqHCIn0D-89*hG1o!8J>ecTfbxRco zvPwI!1ePi_<{_sY$Rc|nF0}OU&NP1Optr}#TX4)k_byx^W5jJETN)B_^%vqVuRg2s|!h?$!q=AOI_&4F@H5P)mGP3im-3?qMJ4(Z1l zjDYZ3Z=0UwsgvxJ)6R>?=|&GQNCQQ%szO$VKC&rO3?^ZN9MtWW0xTq*?kKqtyYBDY zL;QnhM{AbzABaDVM$S~O3a&*^o_{y9C*I+yzoKkQ>Ff*nmYyK2uOT+az;g*WewQDa z4L3G#Fv+6k&Pj_kQrr$civPv7?dKt7_6%dLJ`1-Z10MzN-I)CiYnEe!?Bx!iv^hpwQ*@xIU_aWX41 
zNug7J?5~Jf@@O59+M8>Q-^3Cw#DxJ4AF?UF-UihPbrB=#28~Prm2VMhYnzb7OMy@x zS#)LOc5?kqp}3E0ga_tG@VkxF68UpbneJ?Od~@U^X^eG;lY2vz&%yGg?TRAJNFh}v zY`Gh%qor5^T``QBy=4&dPpG=rQsYt$xaV7A-ytY)aQi;@trrQ zjj~1YOcw27tKZ`wnI8WlsV_9A4(n&^42+70{@2eS8)H1(bVfEd(KP^@hjz_<8Z#>4 z@|!T-Mzm9U^7Q9rmCm4@?HMHI4$0D78>EzwCeJCO7msYJm$y0H<#SOcT%|f7a3$0v zyW>KdIp0F&2ih6F?ONur*DIkE;T~;Xj*0PbI+*-s<1IXgqP7T{wd6@dbz=QicsttG zoH_XFIj#5h(-E|$1;9sg+C3aRnNMXFt@ZaAs%!LEJMmDmT9FAo&x-9pjrX7xp zF@g%$F21ZE{(e;4R54DudSnSLJ5zwcepkmZt(pT7PqgmU>^E-X{0V;|Lfy|kW{YGQ4=Uq{T?53gM#A}uOr zn>KkQhk9<_ymu@7hDYqRTdnSDT|~i?2f@xR-n=ea3MnNnffC+u>e&U5QyqR7p=<|{ zLviC{$QMUm|4!VT__#Lu7 zoDNMUXzjjWCb~%CS8RuAvn_Nq+1N7F5(({c*AOkLlNGg@|$p$+S2QPR@d)`rD3upN3da6Hq1#Hj8?P{^9SR2F7c`OR(xYLr1V z-+OkKdT-2EMWkx)RTzu#Bri0o&pgLQlPBE#ylBu{&2Heb$oC6&aL>DL=93F09z;Xp zerpnnU8|jmmyp!tsFhU$Uh9z)m$=4l$~_K|RrN2%38Wd%zQVaswM6HAn{z8k5(07xl_qH;+} z73e#fBmYSppXWs0PeUkHpQTY3&6;{}53ajrVr=)ji*tTXEM+tnh*SOb;#cV}u!j3q zli-?*$TU!y$*d_y%09(P!JLm46>3JHIAJ_%i@YMjb>|vTu@UKlCNs)Ul4WZ*unbLL z{w}4&HhX$Q;Jl95CVC&^>dQp9VZf^}0xx>$qJElYW<^D7Imkutf;~tAgC9x}S=14N z&2Y>)!WRgf2hnX;lg_MByVs`^bh1$>S!MLl17vu%fx6{Hv}3W}iF}?wOxI>;{P595 z`-bLQq1l}`SdUmsg2gH%p}w+#gR9yFOOyw7{WO&xYpnjtp%t{9+LB@+reASTT0Nxy z^-q+%e&)m1N+?N)^SAiDl$~)ljPv(QaB((72(-^7gN_C-R))P&y*ubK_}?w`-xKa zTpVk^VxHJ>lcIt6aTBN2y>BpQKXT+f?{7eW|ME*5jt=(Gi~YZ*tAe?kTu#+ay9QeQ zpJ(ljv|9s(0S<~4E*nm$JcSF6wv=t5QvIBnK>XU#@DAXXR!aF;*_RDp!=!nL_;sLC ze_YrOoXp4W{<32O7-8c@dx%DY&~yGzqU5B=57+0F8HlpVg@`!U=PQAjJqhpkE{i)+ ztHFbDO1%!Ad9s^LQCD*n6K9b6k)h zsQCGVt@ron^`B`3zP9@OZ= zDMZ;+si(K1gjJDt9Fwzr%aj9| z=5^Ujak0;ir!>!27IcAdy?0g*D^nTfJB!Rd?rwKFtw9Ffl^I>n=y=f`VSAe@yzzi z^Q^)NcIgFXgvsGDRb(n#R#%hcWx(IjjSqK&ypDLQi1qk!y;@v+VJg8q1)37-#J zUBp?xDsfs4BHhoE@Y}BK7&u_WUdq?*e*U`IYRaeFHZ@LrcNgecjq2bd#|ofb+p#z+ z`oQ?@U!HUGr^T1+>Tz+%x?Q0mV#xtl8o7K&=~K;V^FnT$?PXX|-rkP)2?CJhcMI*Q%M1>@ zq*ADS@i&maNW4XeLbaYPb3{_C7)j~EOzm)BGZFBwT?>K z>Kg3W1X5&`GpA2wJhC&uMVYVuOHy~f+%F|~B<6D{jZdPDcyq!kW*e0rYHTp58c4_- zz0jz%w_6*+H1uOHbEs5Nj|J6YWUVU1!|Woe(~>6;F9Pu)LU$hrZOe@3ry`JNVYCb_ 
z4iz_p{CBA1u+o*b=31IanN8RItriR5J|%fcJ~yrDavOQtGd7vwKP413OTJ)V!!|W@ zkq%T|=_;y!pI&YoIN=Lcu0P;mba9Oh>pA5@{W+w5bTREANcKzNnK3?U9>X z?Ex(n79R^iR0FZja+uW~Y^^-<9JH_PCq<=QNL?Fk5R5EZ3)dUZ?K?MW(Xq~Dv)8Fr z`iyfh*8pmPYxX0mJQUxCi_$jC3nUW|XosTMWYF4$fQ2k_fe5FiajaeT@-QmCW=W-6mYP)&1!Hmh$- za}zGIB1V23dDdxXGT10Jd;$)lMv~p@_faOL;RH5Ckc|q)qWuq6Tr` z3qhF>o_dyKF`6O?$O?-cScN;3*Z_x4WgGkoDF1i&@@mWY6P46{FyXzVfMuz-ikd6+ zLf4Y7XoAfl3Su$n%fi5i&_N*nnt=-@bQBDEX)XH3|M%^y{81YV9V3glb=M+BJ9h8N zeGC87e$+#VNA7DT$kVo0?7zh}fpu}2mbO)w&pS@opv4PS3vhHj0ho>V@!Oo$Kgtf_nqAnl5O!ysg% zhBhWkK_Sp+YliC~KY3kgaZ%vu*@+^`vim?=>h{ksq!02J0-cDLY?B zOV9hDNn!nnaw8;=QxCwXQ%<%Eim$|zKN20XiKBjt#5=RB zuCaQiIcwKIz42&nyKqoYQ3#bj`u?Ir<(4;t?{;IZ-Ki9C61+ZH+yD@09TM)ldt7@K zBDS_f(NlS^P{l~|M+B2kM?1sy;S0(KF^9(8+VsY0n*J5zO4islpj|ZPC3mp6+N%1F zhBFMEgY`VELJtxR`5v^c4*d@&=c4+3R?jyr-C*h4=-?(gEYYmb#o$-$5a{ettg|mE zGkDGPb9~k>dPSbO%>BrJATCYH?)RqN8aSuY_w;Si^FlN4lCw>0#7==oNYmf9se3CI zQ05BQ{CJak?g0ME21kM@u$%jOjy30^%l=c+APy1UdmK=f=1E>u7hfHL&!WVis%i7^ zY#I!?k>6NP&R&pRi(_MtAYT3wo~OW_1tx#pM5bB05o2=`Z-mTjVB=nw{i3wh2jj8y z`!ALKp!Vis8*dR#{|naKe9!?gw7y_Nj7g2+SMD)-^k27VMfm{1Gr=!gRjfM<*6rE5 zR@Yq~@3vtBn|xs-HCTsy@$*aFH$Tn(jZJ9%U+;0v%GGjc*2@jG?~+Z>$xe4t6Q_^d zHGdoWYBioL|2?z097}wh*kqMnHFtTo>I0LnT?TYC#{D`@%4lCTHEi3 z(Qs3OH9pSyZO=Np3ti9ND*?T*grIO#AGPZ&t(|G%ty@8A9t+vFGcr}|Nc9(Zhs?h- z>J0>Dp87T(K76yqG(vqIb>BPKaPp`4VkQW))`K?H^+ciXE##xm$y_ssCU)zLUj#S)|np%IlZ1SjGQV7G9gjgjX58Z|mUYjy` z;o9mygM2-~1O<&n->{l(`_F5P1_wZC(6Ry(I;+Pd0#Q7$I1-(-@9k-iX*S}2 zenx&C-@U$%ZRJZotzj1%&N4CG)JYUK-^_kKp3IyR%Q7s8CH_1t**2@Jyxdw?85!%Y zcFD2a1AUw&{l|J?hS4&8Ar^O!&E&u zfTzXtD?LxxA@Wy0;+>-H6^X~z*JPcbf#G%CX{<&Z1LtY&fy`HaTKQZW1_F z#>Yl8eQG7)L~q&8AQ&D}eqKrCwB%3&u_>VSF#jxh`v#FYS;)$rw$NNK%YEC0JwAKk-k2(! 
z#4^p!U$);kSY6Rje@#bfZR}2DpX~Nlwn70?Cr2P1+kPW0a-HMGwK(JMW-3-0p(KnrHmuYWnq(beM<$TTYLc zlt`J>HI$|uY}R;tTB%PwZYCn)9qy17H&$-|7(YM&;}epp+Q~oBx_zl-*UY+!dF7~# z^Bn=>JiWmV)6EZwL_ezKh=RK))Q>gC?UovS0w(Lc_^yi~M52LK(pE*cKd|A~*!hzX z4b`%zULKfWnOtfKhmFJ3Z<_*b^oBy-$Jj$-sDl;I(I8v&N-x_c*kMNkaqWTr2?K9`dQ6Pi(^0%NewKNw*)jXyv!`k|lsin=LZ6$|Mg7!QL1hJ_iv!^Yp9~&LVNQCcsL(~1 za~+l5kRcH?!qcqat6#(Ci-i(@zV%XRE`)WU|;NblzWBSJ@nY}U0dik&pX3e3?7w!@eMfh43(QV zjwS-b41QR-LAcRBV#XdIVB(SB$Q!STav#sy@LIUq3W7d zbfEI?K2ZE69n4>ZN(2inGPjT-2D6x1Zgf+QfZOEdE-A;v1;D$Y_A+9aSBDd$Ov1`& zN(LtPf>AC!>lc4rH_PN$2X$ZJOFZ^{-0b!Q1tcUSTz=*C1o*vXq;THs_WOQ)UgbQM z2XG5`2i!dZna;d&(Dl_>NSVK;Zb$uAsGrhO16UofI#6XAJxxKl|9710Q{#)S#Eu3%_Nf@f6gK$q3+&D-N!QIB$?(ttab z9&|Izj*F(i3Ld#3C=XO^#(dSxohOF{Lc?(7mN|4{+8_byFK8U0KHgVkVYqUCeUTW&zvVMVnHrYkdg}hO+aSo3`~%-`j^hL zz(&J1Jg^ai-T(P|8PjB~xkumPD0S{RV<$3tFS{2y?$q{+nJtgNfvsHyEdox0ZW+-rC+{4K|sE~20+WeLB`=g{tvTz_A3AY literal 0 HcmV?d00001 
diff --git a/assets/rancher-turtles/rancher-turtles-0.3.2+up0.11.0.tgz b/assets/rancher-turtles/rancher-turtles-0.3.2+up0.11.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5b3ab3499708f19d176359005620e196708e1cfc GIT binary patch literal 210732 zcmX6^19WCRx2|nYZENbcwr$(()V6Kgwr$&*+P0^@{r;P^a!#^yPLh?K9X(G7BB9WL z{&U|{Kr{y8iocD-W!R+MIam#uReu{Rv07*4lXe|E{p7c1tyh?X5@+CL?|l37!tpM)E$l* zR$j0lJRV5R3_uA5Fc|bz&h}aE#44y!Qlq1zy?1a+_p)yJkF`gHadV~_QxnN#_jjzT z@qQeS=NsA=J|5okH$I>5^QG&kTrQ9A^T+FnTrS`1*8JTfMK0er9_RWt+PW4!>2WXD zx?9!TK5u-;Vv+2>@p|K#YM;G67~{VPw1Jfd+*ZN)0h9Z>#qM3r`N8FC7WM2$WxU=p~htD^lq3Xq*flDA4 zgD*l#Vj;W`hhl$E$xkFjLcIsQfjVQ}$23rH>?Nq^g`RkdEa>qjgUBNomKX(1jir~9 zM-@FjzPESyTe(OCx23DW&h+`0DY>95GfyffuY$i_MA$G9sm5JcmQi>OK*kJ2<^kYR ze~m22l59KzyqDcd9(ycJXGU*AE{lL@rabddDKUo9*&mw1&s&h65$~OFkQwg7i5V11 zn@pM<%|M=363Up#X#Z-Q3^Pk9?+kPtWGkh@X5O_g=|gd_4GP-#Sg4z_+|B&p?!l z(@MnX<;Bbf2%wv|Igr^iVR01VQ+Efmx!FOZvpJz+v$-MvBKZ=|96w$UNKo*7{rN^0 zPscIE)O<;i$qye6DD-d%3_id@#STxY2XYC1`#H)6Ms zfA{~+#t$ecM)jn5zxQM1a(Uf9Mj5^wPv*UazQ43SKN#$?Q0sLd>P|j)H{s5F8A)Ta1L}-fPsf5!eUxyl-E<@j!D>_2i(?I@YWPU{j@kiF}IMWtdTj-)E)W zpmD&Oc-i>ruUPc(XyD4_;L7CmHIlXyD+m|x>&&%GhQa8^$GEVyi>Rf^tp}p*}+>auporen~MVz zxnVsfOtQ~Io+W1Sa*J+s`1g$YD5%@0oqa+M1xcyEr>oDwClJasj!@f+lst~?1LY`f z_FGJWpgAaFodLI7=D_5rN-eaks@UqBj)yZ-U8vMhd~5i90{_h3<r_YGPOQ&@?Wzqa?mZ39r@b3_{h&Bu|$o$F;o!AHiFmD^7&g*#^Ofd~0u zh*H69(R;XhXwSv!@N1+Xk!GYQt}Djk8NZ!8HgG?lTG$4W9NfAB!PkMsotJ}JZ3n7A zg^<+`dQQy$lX!&6La*JOdThz)rO|^KJgxs3C=Mz7fMW1>aEVe(@S%H|TYzX@FhDA2 zlOt=&aOsX?8^L7`j^d?}KLZ>P0YENjlbi0i&g{g~(yN^GO(4~XB0~<9p!ZTRR(m4L*C0FNj4>`Bx;*I>@gQZvS$U zdzD48OeGglI#=6!%_~@DdctpRCcAG;d>k5)yU8KIg@wwLR~`q5K}7PJXv7*tUeoX< zY9n%DOFi!%<%$&+6Jy#CI0kOlDx z9+YYB_kPZujkS9DzI&jM%ZYmV86Z+a26PX!XRu27fH`u}l$UfV--ddO7%kcq1+)A= zN);eyO|z!zNEP~)A4C~7RHjmrI^4M9r0rq&&<6+Dmt!D1wI$$K7`(R!n zGn2`)jx|{M3h9?y%4i;h#-LNczNQ<;zHs8x(tOSOyum0-1iwL@u)aDKzPDavYgX51 zza!4AteNIUzxh5t%0|8kczo~OxW8TJGhV+%gPoE`38rk>$`w})*sW_#eErfWPBE>5 
zfS?EB(s$IlVgyGd?u13ktus5FCb#|GioFW@C5lYJTvd2icEoV$`PDqij*)_B$JHej z%VnyA8wkL{42zgY!jr>X@YA2N)RZ-kJTg-YpQOKN=4T;UAG~F(RkRlG3{<9%+dIw$ zRaaisq?X@P%EUXqL8@h{RXopV5tLIyi>cRab%ux3Qk;${?QT3(R9Nd7cvBwqG;qb0 zXDWPl+Gwlk=lBrR)d}seb?Rf2!PzW`sV}^kICz@|w5+{*ZM6xj^0n7`{hH?OziBv4 z{5#{J=1#uvKF%87K7AiQ*4(~#L~xwGJ6(;EapbqWRJRu?e03|uf*rWbOHWHrGh`Je zNY^8=I%k-h8Ufn^T(%RVE-qQ~FPX}5;E{@5Dh3KRa)ID0crswVU+$gqj74XvP1QAs zmceox$Hdp-bQ?{?2XxZ_dmWTj?JW15nsTihoQ%pzZcuCtq&N|s?@k?gwQNK-z>AHT zDK7KSNZ9t~-7Fso3akT;5#So*$;gCo2(Z4PkBJ+3jj%rM-qqMU{8i=RYNiKjHtf?i z&(=!YcMba6HgnJ1^JGSJbA%J7Zw**7@QqEaiAfs1x1y}2ziuVV79v6%qtQfA@xWAh z{Zi_M+B+&Lrn;X&pBbP`zGScQT8_{meq8F#-VdTst5K;$773G>Qkf!By+X?#Bn%zw zZ;Ajimq@IbKbUguY?REREs1aN9acicRgU|e`>Y-RL zr!!bSV30%R23XPM5T5Xuth;5>mkhq$Sicc;#`Z<@&0v*RAC46D&q2TW~ zj7ZI2J8irLXzDG&z8HM8Sq$}AR?sN@ac zlDMFP0``iyb72(31ss~UOK*fo`IBsj=?`qal!mLR zRay6w1&c`gEe`jm4YHTX&i0ML%^0?O{_RblU8LSH$j<6=&QK#^zMz{)EC-rMO5k>r zES|R>d*Z3IWYq$=vRK%W$jy^?e^J<-Ol)xsS5YYoViLYa( zi>G>AKm+1jC^K{O208lcv%Zx-p|h&L{ym<>Kd{P_7Xf?(47)wb0<&I3jMc+oL@w; z51m3C``7zv+x7SN>*Dl#iS#T7Uk#*HDQ^(Q0wh%6VaGG6S5r5&~eWQFN>R9W8U8a1;5b*I;jQSGr za9}@tZ%N?be{V_Z6K1OzeYg_gbk~|UU<>&*~*pSp8 zowbTg?@{IpR*xNi+o?5Rv$ys!M%NXcO-U;~bhppr4=_v6bLH9y)u+*fqcS zM-#G0?fDR9(oT2a``biqOLx>numM|>W3Jb1eb>|{u718ISC(u~Z$2r4BV2Yav9J(b z4P@1Br)a}=eS=Ncj;>AR?>>2s8~odiDScIa{K~J$o<=zidZ{wg-CE(T6g}sK6bVE+ znoeLj!3{O{oULuuT(!gzh5bV`t=3S>xn)0HOOEM~p7!T90e&;815)vHxDr~qLO!lD zGJwKVV$;YZyRpDO48*UAY-W7#*}@(0cDdWzm)``SvA$~?Z(#bLycJ^h@_ekszdyF% zM|#u*coh6Cf6))MeJNSg1#BGLf7T{5vA`qQR8G{Gi>+pR1|(1vHSOstay4I5t^H};)Sj{W^LGXAH_w~z!D(GOaNg+m#dsry-1*yg z>8#l2cQ#AmHw9mf8ys9T6{VE0@@6|)hfP2EE@6S$G7_Kc&Z8$E8<3eo$`O0tBRhy2 zecm+8t|)g(j8-MJo0)FRSNB-(YRN1EvI%VVPD#o)LaSk0PH)7=hRWj$?MDmCXL7wQ z>TWA_=_-4Pmda}5aWtS@Gd|xYJ1ca-+Ve&5zz~w6coQE=j@WdeoXeKYG&2W!6@I z$kMSB(WVN9#Z@%$gZ{&xEsCJh=~t;HE3r(CIP)6&5hBl)IISZiBPJjm&Qyhy$M$Q!^59R5h;_saJB`k%7&W?|2!KK& zelXR9l&2f;{XG6Yu?i(39F%2>Vz;aIO?Nih0#bjq)L{`CXdrSO0c*86%QVc2%Zg|7V1b1ZF~Y? 
z5deWrupFTd_t6`BOg2!H7h}%@2W=5Uh6*P7>r|YoejV^8>3_X7`H~v!B5;$mope8s z-uCxXVXo*b$?kJIsS)gr)FO#7L-HTeNKz3>_y={qBH9^6yz!IGte;^ajbTNO=o93O zl2ZsOO0I#xwOj2{O&Gs*z^ctMvr{Lc)h#DqTY&iBN{88(x9GrxePmdkHXc+snL_A< zcLxl~Ju-!cw5+8cEJyf~pnW%Si)F|iXQT#xHacQXo;DJGlI_a&;t;}4*!oL!`$$D> zQtR!(c;dLi(W>crv8Gr_=J6=KW~V0b_r&i~9 z1=X)pvdu{%hf78&G|b+>1T|rP^byG&%-}lCa=B$gA}xY-t2#+ODbmmzSo3BOZmsv<|?v^cZo7-Px@aOfm7kM-T)zE$vz`?g+OT}93@bO z(8(>iC_%s0`O6*9=311+|E2A_U-mtK6+2}SAss(l z5HN!*C*6|(rtjmj_FkAQlE7GulMLKE9dn%GafU!j?gW|n)7S6`%_(A`8<$&SQB;){ zd?qdx}5x+2~SwYjz>TbXN7Sme2tTAC%_*Bt*Kg7#!WSFG;ZdDvdn zws<@E1dx;kjgNW%7m$IIObTR%bjg^gFhUN5(@b~|0Np_+k<4kmivQH=f+*EywJ3GR z$}%~+4Qy*1J=_4#(%$N^Y%LY!3ovP@f2DTlSzD8FWYKHd>TJ|j<)2s4O~XQtz2g!* zf-VAl%%YT9EvO8bx*&?O+1XDM9kvA5&N(>)_82UBd$=b-kBIf?4|5wN^~%btEf)P& z0}az#V_V1UUU^?nUPLpPxl4;6T^4UusGmaI-H z2L6o_eQ++LWYoFQazxdH_}#25)SCb~Gieol1qT>~)i<-?jD#I|0@|9g0IVh~q0e(} zM4?I$2L%()oM&q2xF2oMqf1qt#sI5p-C|n5=lbkB7-##uV7hLYst4p z&m?%`tpIMVX}aLDUGl=#c3oGxjJ1-AdKeIbVeKsSsIboanJftRqNOujanhSg*qAIj zqNOz*f5Pz+KaYZ+h+3x-xpj3vFN6uzC}F>bzGw<uU2mbG7lp(F{!{2aV zG23eo;N6WrE$s$>*}?iZq9k0c_E<1w4Eie4#x>#M`lgGd3xdQC$KyIyU^3zcIBRUN z4qlDuDv%A!>t(2nUxenHRZ&oA!}i~5!Zf3E@l=TWQCK}QBt31*i;+4t%wwfZQPGa( zSY@N77JGD^>6}f}q|oGs_F_Te52cogG~$$x0WqmzwC0qs>H&xt$pbi+LdBV!XLmii zG-avd4$lDl~T*8CyK~L#AMm6rjc0Y8 zLO5!2J6*S-&`dFiskBCnnRHw5kT8%TGRy=~!agQou3y!oittGpUDP3f8-qS zgwIONu^PXi+6BFG4?kyZ9d1h_8HF(RCl5$R@1&K7jB;HbIbuaEq~PtkEcsUo>~6Pd zZrNNZ+qvlKwKGpP^}6;+UAhgr^%+vzgWbLJR!sx?E4B6>l(JLJOS9U=h1NWV>x4NW z73I^lB4{Lj2u6z|wkgc^`9!l>U490tb;-H#2LFkSa*jD@GlizoQ#hM~Z-I<*o;is+ zFvAPX=5t8k1pAt{-UgHw8-)%69E(=+u5^5LF8T`?#j9G9!9+01Sd_`&=X4oFw#`b0 za0!H(d1qh!{%w;|vw}g{>(c8rs1vi9V56aCy#V-nJNaaGpnp6{OS`fC3HR1~*8z+G z%`cgh5veB7-Yb^2JDWZ?TXSUfgJEm)e+uB4Jw%f-S^N+O_ZJgms)9gE+hh}Pt*;%IAHx{K`VPh`}cTRIO7m&wM~W~gTUW_Q1~OBcZWX_g`(BKe>WGT9P#sn z?GsOtir~%Y#NhzCre#h+Ow=}LpY5p6eDe7+2>W1>6o^x{G=%hwjg5*w4Tx8v-WwXMG3Xo^4C7$s%v_)eV(7uoRl%$qPyj}teBqkt`!b5wIsPqIC3Pm7i-3^ z?b+UIwfn7&}U_K1L#e{$lxdc*}f-z-S8$u)r|GRqX$$bsn73L6$_XzW1?XPC)>A_ 
zN&Z7ivRN?hd^0U0ZNaM1TmRV&Tt7x65vd}tH)>vcHwRKBE)yt81m1@a#N(meTNPyp zhwMdGuIr+1s{|n>Qx=7>?ImL=X+a?G|7`b5B9M*C!?CadINlWIWStx?n$bX3;8@L@ zY!qE!QaXk!hZ;uZj4EZePJEygido`*babk0kH33@gid8MVE(G%j$WFc{@~8YSTiyZ z*FoJong{pmlt<@zg|3U)xy^in7GdHhvU9dHXO`%=IkwU1YLjfHy4{~sl`*M)nE}g) zHgP3SD@t|5kFgxUApPNNS10vF8tKG>r+AUghGv$Aft5oN(@>#~wR@Hnm?J?=s30}~ zJa*U-ylll~OD`uvCT~J#EWNaZff~Lre$NQ@@YE5<0>Nn->F5(eO@dCsl<(Yma0#g| zGr7wft@^^5VfUCi=-LxcaQLHnOYPJXO8Bm|T-=sDhR@CP6aF{(jk-T(4^lN#H@I-B z4^>!I?Gg*S8;A>CPe9Y2vlkoY``{j&aqc&aHwBaZhQn+u(l1GV*TCtHzFb(R=f@kY z$uDJFPVcp8Vb?PHIXBWr@sUs7`Hwtl5O*+1EUV%!j&9_@iqZyOa&dW*Ji`UFk#fRk?<$nW!v zHo}<>t#ml88ql|(^fn0G?m+~-)C3~&pD*SX@vB3><4s1HHo}UEP zrg;Yz&6uxZTCoeTx$4-`7fgWbi-2P*>TlQCeg{OA^d?oi%{RA?xPX0pS^mvHsE`d& z!p-M^U5LW(x!mQGBL> z)h$1otW9RGE3d{$QTxYWfy~4l9r7f7(_~J0YwI* zWR&k5@-E;186L0yED~)&cmk)9<0M%rc#Yj3L*2QoYeBdZA>?MxcKA<8J zKQTQg$Sdk96hS&83Bc)bj7|038~Kd!Qr-5uCI=29tEO%H9UjEXJm) z!llB|kN3#O%l6Bzl7Tc>)ysu-OwViFFEYol(&Y36 z{^lIov%-6D9Q&bnbdRjD8^6X#hn8hm^Z_UPF-8Sc2by@$XF<>UfH{=QXdW8HJ%y1TTrzA3ImN9& zc1_@k%6dgWU^eGWB% z5FFWJuu!+emQa~ct~6nKh86(6Hm9LACr7i?8dMVyEU20{S_F;vZ%WlD?o!MX^Zb|V zn7#)5d|Lk3@;Ir?vExcll1vu}3|AP5SK;^HXyq>Q(x{dnH%r$@M4^ndo*jV_X-AMH zjS_+=BdNn;3DXhB&>zN91H&IBbK4PR=?bcHdM;aqKo&+f1ClmeQl z9PM1jmRncvd#&_M%NghEwN2Yu&gerM8$=)eF&cp^;faXSdd9+g1zfqUwONtecZkCU4E{DeZ97RGQ9ZK6MWV6_O`xkvDfzYbh*9qY<(Yf zvdGmumFhkBkTCSVTpIg+PtHQfHVM{QP=k(ub{GFJo4kI(8uoXuwfmScv?stwvAJzL zlKF~3x^{c6(cdVwr+`Cq#BZp@LWusNKuZG~a{Z17Up_D_{ml2S z*Zvc%tq3&v<_tge_B`UCsy#Rs6VRG|D1HdEat+A(i(jzo=Z>NM&#pF&HgyQOg>D8- zVFeTy5VG~pAnNR@q>?ufSsLYL0J$e+bk+U}B)jZWqW7|Lh9+ybui`IIr&taiykymG zZJ$@Yw7uY)eyaU4@G%#|SPEiAK&c=? 
zBLxzJXSZ_7HJRt%0U{%Mda8Efc)0wzV0v1JZ-Sh3+ToD!Vnjml148C$%xinvYx2*7 z?+YRqw|GJ%vZ_j{lx#=qT#!qC%S|Q{5?y~PH7zdK%Vh!xAkRKl7N4q%4?J%xYOBk- zR!IKTHr4a@dYQ1~K!1rRati~ z5mCUxe#K6?8E33>1>!vk2`z3588LA0C^_=}O!6T0L6Q>0yGYquZ$JtfjFFi_GNl=G zc_7HBJ@Jr8|d(q&fdvt944dK10WBeLy5|sN7Db$jb;+l3P=j4Kzv)cm3??KYh>@m06 z#^&r-F@B9)g5f<0*2XsKIs-jH9KJ5?b>S-2M{5mq%x+UXXK{=hCK~nkVzHa+EUDwNK`2>LlY+-%nv)tjX)EJH0C7B z|A<5#P(?GRRfPQ<|9VNa*4gw}+Gy+06P*3wmcd8TCSa?2$b(C$?++Dq%}E%-i9{Vt z4C=yhC&4%)O_;+>fJuXO8E)qd(ue$TG(p%2X$8I4$AIql>f21ZS&(pey&uILO_Yqv`8!u&!SPJJTF~~iFOV#n)XmfDZv`;iu{W~X!HabL8v)kpP zfj6x4$u3ra8WKszT=0C8r<44js)f;H#qv8;5`u zE}3mt5y=A7@9K_~OFJQ#>HtZ&6O$3Is68)#GdJ&>MLT8Gk1GAFU?7AL4ICceAEcn3 zN77VUDY-~Wggl%uH0fZQx$(#rjAOsC=q*E))@E)#vDYMzG05Mk_y%S5OTe{2vJEI zPu%M=Eb?i6&%mIrpXs;~Fd5Ws(`0X;Hjsd2!r zoTN!*DX|27)0oqy910n-O~4YY;^1j!eac(}DV(}^KtJ$I95*Hi20SB0(XxXHJF5AG z;Qx#iDCl13Qm~m|$^Bx0>QoPr)=(`6+p(8uNB zrNt9DrSRmk37h#x#ytt2J>Ne)g~%JBJxb9#Z^CDWlT8Mas5UB1XBp@F-%m#x5(p;L zD9*dLFC9T?bBMH%eEgNL5em9*vM}+M(X$Jry~*H6Hes>GZoqV&GB>?-PP)zMB_qhinulrGG&)H*l{+(K~5y=aiPq zpwf^|&Y>%y^iGbG;7;IDZUnG}s#$x8vao*_}_&+F|!AVbvcv^g1`C6np_f7WpI z>|aBFrI9IIq}&&NWU>-ktLuJfR8CuN3VnU3AQ zlfT;~Px?!Ei(_3NsxTYxsXqsMqcx*=qj%@%AU`A=9hp$DOPZvv^X-tfjN`h>#ZG>@ zyny0MNzbqSC5xjUdCPp^Cc~p_S~I#~bET-89!!Q<7aOL&`eIk5Sj`i`a_79z#!Uh$ z-(Rpe1>}+XVIp&Y+^+_;i*61Pl6Qj~TXt2n9+DN&iiInxoUwH3x6Jgcq3pZ&@pQB# z|EL~zfC@#F3F_m5cAw-n(AY)-^hmFuhp=7957iT<1V$v~*om#x9!HY)f_3!YsMo-j ziS3Nm--w0>^pfF!V@3XJnMkF`(SGw_$9E8mKA2M6$&%YW4NK@;THyeRarhX897${v zS~3ZyZWFjYByD=0dFT$%19fTQAILPRbdD>W)-pV8eBni8Bj7Y(NUC;@=|WX6Sk}Mw z*(VD-=MvBu15}J* z214gA?%T$N_F=hObBZ8_KET-`LO7W5kaTwh@Cxa>T>Q9Pbmh-niw zI})!mS$n(f*fA};K&#PapZtBTc8n0RtZ!ohRMl7C3PXc4+Xm7o2c_L@%F^VWWW?Z_E<7EpEC>cc`B%+qkrVT)a&Y>*p6(S8W9#H4}xSfTZApQIDGCXUIW9iT%I z%e{^3Gx2)Qp=ocJp`dv&noT70fAYAMaV3?i^DyPM8?&oSxhTF;*ANaV>eL#m$TL+*>g-lnOg!d4ycD`s}Lg=qRUjpWJD! 
z=7_+4MMy*_a%>D_5b>UnkXas)BZ!DSV7uiU#>R zj(SemEPq`6H6}(p%oUOr)>r70hTG+Zf1u=gNH$&FO_F9z zjAQcvS%oPZsMeXBKFi=J$70TZ%fXoZ059;8tH&sG;@8T(}I8PkF+Y3mC%LSU0r zUd*p!WI6Uj%Nh03I$hu;zQ+ga7HR{o&9`U*6nee6?Y@A1UfqrjL9cw=0LawhR`GgC z=VTNF1OiDI1=IqiI20bsb{V`I8&IOfT$iP=Wp?)!<~X^LglLc}|reY9lwZxaX zce-U|0-t#cH!P?9P0!p5ua11&a}O z;;I%cpi4z=?FH3~cOEk95aXtt?^YTeTb$C#F5M{Wg!2+3(b|Mz%=@^oMq{7yUTdd; zt{kp7Tj#4yURQI%+J8oKGEM_q>fJR-z`_1k=7w=8$6 zWGmw&*}|M~-ufzK&1#X0&o<-U`EUx*(H3YH0U_w5Xo=E@So zI@k@Cv`m+3B4T|Rvs{DT1~W~V?!CS2W< zO{*C3X#9)_(d;NO1qo{W0ZBXZgf^z?eCn(LE7Nh$*uVbNZ~MG*&RZ|jQz$YuBJ)qx zK|pil*#tugjQ3)SeO8F$z^q}4*wKV6p*At4S>3&903Rp94!mVpP{|geQ=$80*IWFx z&OxM0=~OM0k4sBKu$9fU@rt8lhM8Vgs7qkms3LXu(#mo})SG3t5}a|qK3iyQvy$Df z6s(GSr*T`>JTX5MVz8WeR08o@#mDn|9L(y2>5MRxStEx4m+x8JNFIUxvmqmx_tR9p zxSK&#RD!0~&i9=}zAWjl+qLU!pYBsxs`JOVO2vUS+L6D%y6}*#f}P;G_uV*)Eh=*s z8J^;1+CconXwegde8NV)-kR;GBF8LFvatQE9?U9IBhlL*6i-34wNpQ8Fqdi&Zk32k z?P55>b^SJm-wjbtIO7AqG)uitp9*nvZpTV64qA3QGT_bm{^({!`O8B4ncT|iOAI$L zbiw1U)7p)XMxheE^?eDi?q;C;-f)AIsmIj#+q0!A%(5M)>{kS4&bG zU^4KuVMmXwx_v_bqY@PfMu5*m>^Km8NeDc zTc|6=*MV7qTJ&~K$3UFNIP)t9T6m^~XvaT;6oJ%Oo5#D9B<+2ewAc8)*k!2bT!(); zM4tRC7`URW=aj&iJJ{DN6bogx;x2yt{!#WfgvemFytbq%#S&~Q`>ap+y~axoV$f8|&?(K!g0 zi4l-60)o-NRKR&+WfeflE#=>fOt3WL3t|qek`DpP|_A5|yled{g{5R(jSCtAqmwj+cq!KZ#uK zI2NGK6uq)p*0L_+l0ef+eK9gw1lCJxTNT~dW-m=jz6)!EAT%xHe;gjj!R)R?Iebr{ zO@`S*22qF@jD{D5ZdmVUG`+4{p;k7dzN?LFxP1C31oT4DNP8%ow1Dyi zAheZHCek8Rl~GfzOS;O&<4d92P?j0_ZnF1!;Q%t>)wX&xJ(=9USHFRc6l^LFEX2ya zyA`t`x@YT(|A8a;qVbdJ35Kl)6p@E!$~M{%L1Iaiqv8L?mglH)*$pkZ@HKZ%BP*SKv2Alqv`27WwzrFPA-4yQBtf2F|0=8?TjNWd&jNaU`utQ%N zGwK{Es8A$;|(+XZBj0RGpd@6cz2eT3I!d)9JG2|&l3JP9UURbz(_8Pvk?0J-k zr(y5ls8`f7mXY&_dNx;nQS2YOpjY_cfLp~Z+6F;Zqxg<`{FX_8iWk~O0 zcU*!~T}wBuEd6Zd;PRbrNOiIB`X3Zv8Cd5=oW{?P+N)iC>+jN~VBz_nWpb{v2Y)t= zt(7=KHndhQ!a9FVczk?7vUS^4`s%Bu$fbpr>%*4ykcu7Dq{T1boUl($>f!>6c#sg!57eM*pwlWJSSGv{9kspa1iB$wVDq)`+8 z@~h(~@H>#1$M0(U?%#Qo_mi!BQAaS#Ez4Y&mRrhS2dBI7wkd_tc!BL6 z2J8O|wE=#jTLX8ISoRn8q6NCLfvfeqkvY>7I 
zjjc&0P9~Yywr$(CZBK05wr$&-*c02>*(cBQe($L|-}z(JLf7i&$nLXigWg!qXea}#@^xcMPRJPVB9m)uS(~PNzx1Lv}x=wFig~qF} zrgxRiz=N$;_m+TggIr)QYoOMRHF;hlY!ZcA_HL%Luq}MXXjyWU5)#l^%|%)vU}a?GbM_LY0mH$>EPsbDGKI1Ehg6YL~RK#+)nan9l9FWT9lk zH5+f^yNSLH&j$RlWd_9{z5#q*_>q3-bKY8HVAC=enVJdU(lW=`HcvMM#@BqAyUZ~K@gRLt(#8Sz0!ykx07 z>T?cbQqLDIN82{$$Ta5A>uAMvUcXFHx5C~@a6|dC431DTYUP!nJk23~D7b_y_q=@oXFijUioE-An)g~_ot#I%s#ez;rwTSBeUGD!I7R_E#qZ}hg0 ztsCEbMD#rT)oa>+p`&2Go8=%0IP#}(S3cD8`mo=#`a04X^FKSW_6nO9Z=|@;va_F< zdo+9m2^rqoD}PcV-!W5IriBvOmW~~AQ`R=*!yW(elDYnK;ep)_X~A>L5T^jzQ0+tI z0fseWVU>~6ZY1~_wgjzHIB8useTpx`Md-!gm-l=`h}{$o+rKNvjk3Hpb6V#$v(j4D zXBXW?hq!+=-YmA;ZJO4Ei#wL*<@p}PNYz3S`GNt!V{ySw)C<#UB3i$EAfYGBs?bd2L>3tWOybp8~`A z&lAuM3r#Fq_!Tx90W)p;D9u5B)4^% zc~e|LI&hSA{?`Hidef>Oh`FR5N|Nl5czshNZQENnZMUoEDjm+I|nso&Szf!T%0W1W(WA>Gryq)Qna( zEwk?ejSTU&2Bx|Hc8po=Uq$o(-aPDmclf}LZ|0t7D2-wD6x;f-y17B@yJG9dXjZRL z99~mg=ChcL$M0TBB7Yxqmd0c~&unIkxc3L?lJ?WZCo&Gx#q4H_+81}<@2&H_!TmIT zi&%YDn3Vsnz-x18e1c>3)Y2l4Cj`&>(WNC!h-3_h7pPV2RK39b-v(9w=cC!$Hq(61 zJMePf$2VX_gW&1dOcR|7X&&_7FJ1lgs!?R#67%0qU0oRl_wfYJr!|Pp^(n>V=0Z;c z#694Dl;gFihuWplb9z{#yg^PFwW_3<8T;ovj=t#Rt>5jMldwPwNuQM@g6u<p-oUjmyVyCY5MzvHx8m{aIi3JyxYha>w40;95qVW(5WXpfkHC?6uL)SDrOZ|tg zNkFp2x+uEo_gR(f4tpriH8+NVgxceX1i4pqg06@9Bg7JOH$9Jy`ysR#FPgcUF-iJd z$=Abi!*@>4Z^npNp=RlbF&10|QRX4m9z~j(iE{~XFf3*DtjSZwTD6@7GoHnxmnpzn z;f9qISwxxqEFP`=hwxYs)Q1L{hrAv2CS`afo^8U&DL{~2A-hArbQ|O_S%@5>2|N9V z1wCNMBJFglaD#rS+!we&Nkb;u`%^asJ- zs}BsAaW<^kt?e3!-Vw8jWYCgaqpsjSGoZUyR78>vZvGPPWZaF8;M8>uj7NiRPWjYX zFy3V!5mI_rvNJ!sMBox5U0GB##&vUp4}fAN%%DQ{!ldgHRfRLs>{!aXR_Cdk^unB% zfwaI&eO;3mQbThY!$sX1pgH74cItYa(tH_Njt+46IylandZ?S#@4YY&g{l|oXF$@) z#I*ma(IgKFQjWCyo)mW4%5MBToZsJ%`A~k{GY(lEsn$_qvN_Nknh0vr9heIGW-)G} z_=h2t@)1*xs{a?Q8MV}<{zhv`9pxaRFiGweJ%mi^A!X0J;*S@t+~5cELY=c`C0GRM zHEP8^FPT9I$Q6Hi3CdF+wV<9hfluvQSHg5B!8n?MUS20^l%o3c+);*mg7q1}{YU9SqI{TDRIn|pu6P#z<=p|DS?=d+izau$=gOi75r37sfi5Met zD8A(PL@|fT)=p4j))4M!oh29icdQR|=Frcu{5Z}}-cM|Xu&Flso!tB-3Z@bhXTefW 
zo8ffWL2N*(gP^8YK&>SXetx!?{?5OD4KmU})^>Z|C`+m6?;3c~zyDbv89u^U)-=rO z%z|V3k7&r$=Z)<$6s7hFTGyLeEwQKv@Ll|1yFt@X60r4Wgl7D|shZi5Z>q+E{(q>N z=hy#>szKfO-S64&Tq!h>^euScrbGI$;H_I?HS(nVgN`tzBXcG@dK0~4G*$#8m3<62 zpz7zou+HUqZqlM>8@#?yw@71ZJcpg6#lX1?RV43;SSJeCp9Q)Kt>{b~cnE-oLYXN`gQ7Em20nWbG~y{VEI3eS z(ZH-rfh}^mQ~3u{SAlU@5vgpdEjK;3Il)2zs&?fC$_s?G-hMecSnTA8cjMunZb%6$FF)^p16U*QgMIGX+Wfetcs+da|NBt~`}tu14cGvU z_&*K({q1kM?DhP8J@4+lJAqT~mbp3?@_m=S;(C5J>l0sJX?dRV4MI5ogVUgY<1|}q zq$6O~+YhGJnR&@7b?w)7cNz#iWtT_4{;`ruj7MyhItjd-7NOH?&nO-aSfNLX$kh*n zZ9*wTQJPOc1cGT-m0|AHT6=YqflK|0d5=`oU)c6~Lcd|%Ks*o^GabnsUiIeadxCPv zf1@-j+#$J#^Wr^PG2ta|D=P!S-vPQm2CdZ~ z=h%l^bB_}_1~q=;{Pp0W|I=`Th&7sS$8UR#{b-fwhGAFSLK6_11btd~DgS=#SEIK7 z35Jmbb;@&oWu(wvjXZU4lyMLodNZvgXM8JKOj857>?K!odsZr$C~dpTmqsyMfw3;T zRgd~E#op9AwY(J7(s**S)#G>-OhdY{HY6Y6GC<^DUGaEQAdWXW|JKBG(ZDFczZVN0 zHU~C@9@GV**nLq9+6D-bSb2bqingz+-U}A;76|)BX!4eXHYoAld7um9F+mLZ&ktlA zVCoM1HNABVEdJ77-5B=Z2-Vg;SjTl^>owU$Dad=#2y6MSvWGl@+48tD3%fFbyD}nc z^fVM`8B=6_N!^NP9>EU6PJORBb<8ok@w=d<6gN}}*F1%hTC6P;5O9;z z<_gvrA5B~$uzq~$gYWNVY}Xd?$a*X8=urVU{P}3d3jV{-RH$BG_qYd?S6f)j7#1u0 zjwl6&JEp~^m5^5F=|idxAg)M$IYwF}o{jTys05mZ#Rw}fDj!0N^MwYBm@(yjzCC+X z$7!B++wcmO{WByq$37HU?X){i9Z5a$#`fQ9 zu8C6{%gHAeAAtzXjjxmPlDwNQ~Y*Y;g0)Z*IoH5Z9>3{!|`5;k`%K z@F91_t1hK@!Ci4p0(Tqa|K(I}-iB16sgWJB zrj5i0pePx+;t<9v z01J!rTq2eMWKU-d3+*)k;ai?CBVm6kB@Vp!v*h4=dN~UbMT0Vlq+9ZjU46EWtw)K? 
z&K*4=`~N~SpNcp*UWAa;8k55iP!|p!!oCOX_YTNWu%cOb%M4ED8FWGU?9<6e#L%Z; z*PHja98vb^bVRGzVEd%m~nouJeylnd8%2<#uELX@>w4138*SR_qu3Oy#3`B4J|%t0~Bdq*Kso z#jvn$^pdk#z_En(xK@&K+cn}wWeXBZxCrI34sPyNM}n?A`rE*Y-iXV>Tu``!Ul3^7 z9yeQ{#I#iMcY2>T@x=*jf~HnP8fX{m)O5T_1 zJA8EPx5Q&jj4M@O#ZaErU!|k9(+Q`gOyR5iVp2IfG-+peo%b>!@o0{W0m@}_>mla$ z1gXM9Q)3Mqj`p_pamsXTbuQ)~PqN&#KE3rU5B%%F_z;^Dx&$$d7RBxBUI5zyT;_dV+@JMEWW{c_JFE;rq22JfF=bz* z*XAazNqqED>5KnJ2quqDHJ!DqOom^DH^#P4Au+CiJ&lW$C{)rkV0L0b@Z=Mvj6ueE zXMfUpVz@>z9B;3wx1yU4jg@o~EesbCg^ndFNY9|7^^#S-(z_F^BGX5UAeW-Dn>JFM zI4S_|D8qyQ-tzIG?Em)#x*Lv6m;LjFWu#zP@(Z`KAu`wQ+bM8X{ZS-eR(QLpENdta9q6mc~U~3m?Lc9^ejt~HU<;-!IDuB4z95VmjC6_t(ygkn)ovb0+Sx;?< zAOf&Yz;>0|=mvU?SBA9$9;poKBP$G6Br2nzX&6o$(J4zfIe$}D@~u9yKV8>*3yP@L z`zLa$HCRRM5VG6zp0DjEG#?g;k~FR7?@%Tjy`t_J+!ZYg%oRL%Gd3JBedV{d&r0b7 zJI*G23B!BEXP8YgcO&gw`f^_IIt;zdQi6dM13-LC39YS}G ziZ?K`*n#;#B#=FM)&A$dUh2nFgKiMzggY6_m#s7fOIdsO48JYbe3gseEupLynuzyZ zDFB6iEfi^kKU27s(EqHYI1`KnzgdwZgHgbsW{=sl_tJN&6Y%KZ=Z)v(9M*4bE zC;i;LOWtxH;pYbXvRWlFOQ~-Pbq)F8vMQJb!VOXvSQ^wNsxJyrXZ-HnkB&)8yb61g zm##M8p`^;079Qtoq~ppTt}$tjlhqQ-tLJ?_laxI^l_R2!WiRqUj4o3FWip2lVI zZq^6Ob}Y+UlqM-}YwbR1TAt|^M3<96(9_{^Pu5x(5N|#YbPUiERQ)TS6`(zH$IM#j z6labVW|}#CdC=)KV5gl}`6T>kSyKOoy}XZcdQ40_5pACn5a87Rf`JP)BIqVi9u6NX z{6I2|HI@)1bw)Cx;Ms(#lXid#(YxA+XF%hkkU*9lKMKj1+gb4Q*6*-5g|>*&%2=kR zc^@g63e~;(AJpr|pTpJPC$fi>g`WRGy$t_@dZ7$}J-$-HHOw1C!K!)4RFmq%8>r-` zx15oCV=ZtFIBJJ>!0CM={-SxC-bi7k_oG{%WyKcVUV$`MKdSroLM#eL+qZ@~Gm-gP z{o6FMH`N3$+PGIG)OJm?kf=V>{-_hZ*Pb;?qr=2%mS%U_jiQ9uc!hUGIJz(!>lgr) z-PTi?(ZTzY@FwT0S&c;VUraL&~|wMh$R`n;;eMBOWszoo4EKK(a2N1?Uco$gXs z3uon5T9!;h7{Z0|$71$|Z1`=JlstyB_3pXwX=Q8vbUSYrK9V%4X)7e(If?lU^Ob-B zF7*1@EQM?TU(KReLz$RF*HB9&~RKBU4=9o`=&lEB*ndqP?v{xuGzMC}Y06$b`-hcAVT^?QIamzZ49 zHP}+6OuL&};<&NFI3_0I;uZ0vu!w0$C7LX@m+YZDF7}*);s<)${x9A|A3;+Yo<70! 
zPvj$W5i%l;chVI%T{lEDFfcVy8Y-=GfbvSqDn><@qg{k!CBXnvW=b>24vwbdcRo>0 zEumkPHF!`Yc|OGU=_Ck4FCj;y<+*e?H)G9W!3aw@P;;+6{F>2&uo{{M36va_#wA~2 z7ep0LIqT*!W`p*>fLFimH|0iksgys>h^06Y#~EA0lkdqK_50VyT8lZ-!0zmqrRym* zhMv9o$K;pQ9fc{97CwvBBYx~KBzv+6h1tIA7}jWcm(Wp~;Z{jME=UZhP6#Fo;b$`( z;zfHiSPC?JJW|t$T0tQ#L>`C*iT-({(I%+Wg6^t{H_xS ze*uFH`=xQZdE6!Rr#qtguCqfrsv;HMN@X`Kt_^#Guz9pzipO4(OdsO#mwSKlwo3xa zgykuC@Y=hi`hcUd;!#SUef56(My=LitqV4`Ic$P+B0PMIoU}-i*wBJ02o!dH<_|VP z9NsYELmMgMLGFTU=({K@b@V>)0CP}xGp0c6r}|7GMq~yxdBQ6(9&@2w9&RtU=G|65 zF>DY!=gg&;z6O-lxH`pEL-uwj4!PX5yj-qt?`SV(-FjEhbC~@-|8wjbO{HD z0r3HUghv+Rv`vQxdog6^DI?br_t`9dV8z5c)~doMHrYg=k`jHUFWqwK{R$wdpdM{$ zlE;<~S%?XY;#tmFf(?No-;+)GX1lm9{=;^;aeQx3EuR;bDogA-ozw8*@xtx<7S0; z8`MCNIYCDROT^u4<^O|qg~GbnhyCM1 zRIw+EEb`5!V@-3t9*sclGGc7FsR9bqAqT8#maK~fp>G9k*55HG{v}b(BXq>1QLyD- z_T9!ra-_38SJggPb7AsC&iS6xth^s|yhdNuQvC)z8eCS)FB}#=dWolhK+h_-9Xt(kzxZ!oD#+MKvg`D{xUw<=E6^)zAI~s+@5Qr zEwd!vT^aH$!oH^6RvpqdZM1Mr5`61fn({kZaz+tv(GuWoe^P%!xJ2?LbB^$-Y%%>v ziG@E>g`_c6!@K&q&LeovRk-(a;ipTdboTHmm6BF(7C+NyY)$l8bPdIv!k+t@H3VtYR==z4X6PcHts*9`xfI6OT=HzQmD_< z89$eKtENoV{wXQ|k<(Q(*_Znftr*)7k%Oy`t=m88jkfX?Vdv3}l_YlJA2}45l)>#$ z2y@F4$%1{7Nzi34g##=?)r+*@17502z@J4k&Q(#~xY%3|j9PpQHElK{ge+-U;)*aD zw(kwdvWuhRRxD|?_m}5a)~ovZ`h4E5za>9Rd;K23JHOm~>=CDBV`ASYkj}3@uFw1J z>uPs5r{{AYFg2B{u9ue!xcZ!#BB0yp^<804ou{ieOm`hM)`dk{q1Akv=rs+qL|erY(Aq(B+)p}2oIY|acCmN&z6oe z;OXS<-q6J@NPi{yZ8ZJG;i*KQGUEKSc@4}kZXlQ7$@v+Z(Dxa%MNc-`U=H}-9ZHNkF zeLH*vDk zg>juK7c=o?u5Y#1y(ueOFI)T5A2~k|3TGf3HC0-Uw?Y)!8Yj^al``Y6~w^=)BDc9z?Rm)kfDtA{3( zXI+=U6@OPuba7`H5o&!u+W1!0ZHq=uXV{#B&;c_Imy1Z6so*gRiZCrlHZz%oVtkCF zK!;T z-Q9~?2xI*yYIt~+!H!w@%tDCVSnuN0;WeZ=Z~+of$}|=-f)~~(6SZ7&)ESKGWyXuM zQwRL|TGZ+n$cO4Ix~b#$4>@!rIok~k&1#1H`qxV{m1p_LTOTNp#zPJbQ|cV>l?#@l z?X5RMWIa^fiIkIIEFF27OWm@90yRt~<`Woh8Rz_hQzp$q>6H`EeMwU9dJyd}o`I4A zx4s6Evwj}ca^4ld0|0wh+E0* zM0w2^8XXU|Kw_+O@SOe3o3(Om@qpfuP?2X%}wqW3A$ zYR)=N8(o1`tZx~Nm7GUO!^9hhMR&@b^s)2F~uf0$vqbNm#YN=PPPWoXN3jT7vWkrj33QkVd5EHyms=kRjwewV* 
zFCo}tK@=XUD@bw+$IsKu(gj#AeM;Bc@qZ$Uy2Eli1lguZR=*>OkPaa3sPS5POVEBp zt52Z~JL1g3BAd*XJW*=2=0s?-WY;3q`kh zrB4OOX8o)6uJE-dxAI$yZL|3H6kj;f&gq@%cBsh9OFpmB_utlCCx!eAJA0h%_@4AE z*k%cL_0?m{=&8_Es>=<2A&=vL(Ple*D|>NjbF0=O9^enmf1H{jmW*FD7gnu**cMn#iU3q!`1;GsLH zo-LCQcjgJ1|$eD zd7DJx+U$YyP?IZhhRsN*N8_QhAl}Luqr6{#xLOEo{?t)ofPvs$p2@k#k+`w(F_@}p zAqpHQ6RW0am=zR_snlz7aw6P*zJ20pLL^+251$Mh3OcsQ-7$04O55pz@5?gWW zO0;u#?cVm^?0K4*x2S%dkqj@1mRt)xHDS`KOt{P}F8o*SP>Ejo6BIL&;6Y@pMRZ;((vj zD@;$q=E8Lrlppp{xL4QC)H0Tw!&=>xQ4`!?rb)E5t~Qs%!FU};C>JzNS4yQCL1OFo z1LHDCeUB)LYsZbPF^$g~8+`xRX1rv#oZr?9q91t;_isj@^R;z96G$cmEPXY`!0#F1 z!x4z(@-xL0{(Yp=IHI~oJG!{IJYJqDzk0j4sC;<)JRY6C-Nfecd4FBLJNJB3VOG2MbeXuo-1>T|Dq(seyDOfJer+X&2S7E~0XYF;^av=Ug zs)%Pu5ulR7mqn&9TJxNOA57?6?{up67U*8hTtU2@hb5dF33E6QH2l{hKL|U>IYbLL=uWv+z9=kW;UQ5~(CyM=pE=n)UfX0dNN>WiDXwl6(2G zhquhs8Y@^~s|fZ10Nz&U#G^_kb~*ewBg|;{jjo5Pi@^+ZH!1TuipesTtGHk?Su+FT zQn^Cw!iN%0PYRSddm}23A88%GxLl!vVR-NaM0A*`^_$xzwjcB+bobFZVD-9=6W7kC ztf2&jzlqP*e?IypBosMZNm}2r7OOr-7n5AZHrw@^n1!Kd-@(^{C6`-W*MGY} z73>^jAuR3lxAtrTetUeF{Usk|N&irF=6)GsNyqmugQ_sZp|W3QLR_g>Wk5_(|CMQ3 zUOmWw=#yhv{wLgucxkUS!4fMYR6fD7JlmeXwBUZhKF+dSXe7)M3np1U%kuTrkqDXe zI}L;43`cXzDbQ}>AtJ{5dhxEM#SO5#FqJmfSA7bMjqUq%S_blpEWPt*2V2w?Lbz0k z;XYj0otcYYwDDg$N0^l8`KgY*KMY2GyOODLua}ue^>dLJZRb0H78@}5c6Lk0ynBcY3w3YGv!dw*ro(WX{AuY0cl=7iK1Odaw0&#&ZY(Zb zBztQND>Khq8^QE<>F?pjnDD}=VL6X?x{aA83*n&6tu|Oc^=7ON$G7u#n|gpAJhOL- z`2yR7z=Hs(O5e92wU;?Cjr`KK*z%j&LrZL(RyJ_dL+;DU5HFF%s4AVLaDG@YfpTgE z7gBlOCO`AcBI}k?w)PiJ+)N6u&czN(~tfH{%PLj0^a<) z!VwK95a@KL6qqweJpZ)PPJ+-%d-fO8#K#sl_@K@Psm6+cEfJ;E;Ol=k#?D4Ly znu7CF*lY8gvY-1(!lY>OaQ-f^_3KmRESLoLar65={qw;I)5a_M1LXI*>plQ_e;!m7 z9VP(%!=JIe${0W_&GlVc`!oKo2Tp4Rezr{%7TPqftj!dF{Rk?dat@VH4?x1Jra2cyj93m?upo&2 z0|!qQUcTI4f&DM*=BE&+{d4XrG=8&7+}RM*}u3@E9K zU>bBzvKQ?rfopT8zz=_59?+X7Q@*mMgkNGwQp^D>>FN&TyV2u?_cx#s4-k2A^#%w_ z;_Xs*?R*#k|5D@UZ(jDkFDsVBDNdrfM-qUF5;VVgBPkKa?B3#88_z>hfr{?072sDbjiN5>@DX~1%9WNxrLz1$=_UxR>=Yr(M@bM)BC z*$@BI*?e@-?rmm0V*v~9=sNvY8^Olj`{hc1RjnR-0`K<1JZC?h?O)1#Ay@8u?_Onc 
z@%d+*q0>psjcb1AW~A}r5q2rSWN=tgzJ=Df?C1d&<*#7N$n})K8`s>3d?IvNLY21Ck*8+E_M zV4xS_1muY&Hr?t<6GAYx1Yr-AQc7-$h{XJ0RWiARd(_vgoek-6vdR6g-}`ppgFw ztD)HxD_J5aIM*VM3^VS}S46k1Oue)bCZiP&g>?cuxE=jLJ_4rZ8I>2UiHDh&gNE55 zQ0>oW1UO1cEz+}m_=y>{y@+$q09%hpDDx}Op0IDzRjv1Xe+u-`bK^ohp*FTT%qH1e z_cM`sJ_MjK5U5=FLM&NyK}=CDbNnSF#R5%Zo)>VwIJYxt21!KNsiU~$cpG&XCb*&V z{iR)>R0pIu3qS|P!;&Ey2~rkHz%_rHeutlT840z#TGp=Evjj-7S0M{Ted;QvO^4jrXaQq z2B(Hh9y+--|Fd1ELv_P>2 z2wl=LL+oVk#dzA>|6^!5s)WGFfF5`nrmRaM`&4mo9)O2VGL3}bB7I{Ht)-i3uVPL$ za0bZcDL-Oo++@uV4G#CKU-)>8`9#f`ypHtw+r$H#{1zOEUMQ)`yaXCX9drmYdBp97 zsnA@$aP*dfat@z4mZ~u3mRC~=1eN9IuP%xXGr-2%gWM!Y z#$SD)%PIg57G9q|Ud_t2%WA}ct7N9r6a_Q!G#<$%2~4gHO|?#c8<5YaHog=6GPF}! z5UyF^L!F)qpf8WWpYz%Y|`d=m~^TJs=3p)VV!L2!bUgk(o5jaDu}uH&ak zGjj_3T&;T;1pM5pV&=KuX9z-;zeLk$3J1<1bfE6_qO%5{LkoBEVvk$~I*a~e+~5ba=8umw zdj0XMLy~dk`$~@yhbEA~DW1rmrz@i=2M^Nu5f(BbPuuW|pAh&2_!&;Cj1iy~WBPbK z1vtr6Az~+(;`i_u_#UKX(j({5q(MFkFoEXrKVYa{Noh#RW_Lw#{-}G3CB3QE6B_QZH<~hw zSDOn(DHWKpQa89%O$93DF=gXf@p0BJy=3Y_e7-)(FLKcLd&tkEQS~<)G5-8*$pvgl zq1U#|V{8&E@xQT*Q$-dbUkQidvlOr;3}6p=*Pk)vJNv%B$KtK`TOUcy89{y9h={CK z6h2i_mVBxgbXhP@4JKof7&^6;p!DjGqsVgWABC2h*mml%l<&i45!Spa_R+M- zx<~0#KPqmct@Ap3j1f_KYkic=+9m}w{a@Ozb;Ee8y7lJdYh~X&*OFPQTG{TliL#6l zr&e3iH$vFyOLKR1v}I_+e_1ff`kc;eBwP$c?fheh2$Q|Ecso-*lz?BYGoxnPXQTab zvBxpBsW#@iDsOX99UWbJ+UqDYR(#Z)YcI|@v(vCQEy`2MlSnZPwn`n*28x4tloyaMKyG??ec1ZWok z4^7Ju4*IR@LoM& z{WN=xV9j&XVJJPGnKhuu>tBN%{v7XWK}T)p%4KR3=qiK0UzJUe^aa&L$7H7}8|WRQ z+WN3X=b1J^^qP;?v>D*pX3##Dlh>_2+j>)D%$05SmJfTbQ`>{PVc?5MT$&g#jZIn}-yCaE999?B8Q9tx8(XsmIUSBS2k<}j=)hrq zR25l64%nBpyAHQR#oCE65oDQtrEWO9-w;4Ak^<}2fL?dU3lu96G;7lQ0yTYG6xiY(lv; z{t#wvH-T{VpNx(i7Jyl;Ql*>af>lUnK>Gg0ij5Qfk#e3@qR{qSmKr1llR|Vv6IPs( z*=FJzz^7gkC*OO$Kpk|vlZgKQq~7APB1u4YsV~Uqf2sYpzrpZT7hdzY54QQ%cX*gK zw|2=dJ|_;$gSNaT{j-!zupxb$vVHjOJ!~NC%rND073xW5%FpgGgg0eQwqHc%#v!W> zO^FCnr(Ou)DqCL%-!hN*p&|W)JZ4vebu40~N1QBBR&v{(8bp*NtNn@QaR6SV*>9x^ z<4rzlQzBesgZSE8Kk(v6j5{BVYJaQJQr3L zwZ_HW7L08%K+%=+XF4s!cCTB!8LkHd0^0jQ5Iq~hKv;|KA<^~7azD< 
zD03LzSs{>xuuPCp-c|R}1=}lrNuk$E_5C(;J8@VNL?i6!xEo~Tk_s7$zRGOcDm3_D zrDY3tNW7*hD!8e``JIXjFX?G;BpfzVCRLw%xb?cErC_a-Zc$!^TV0-v1A*B+{T;az zy7H*GJhqfT-p&HGHfH_a_ND)#f~nG&+rEE3*xCK@8L5+8At}Cy3;ZFH8{HiaUzcUN zAb9=wl41q6ybP^9$Iu{$tHe%Iz+XROnT{4;c5gh_lU&DW(H z+$6;j*dn~2aKQkUOG$*415ZxZ^b?p5>~LjhR#?wmwuJZTe6^0Y9Q*3%+0znz#)zVU!K1^vl{0pdfM)1xpS7&!Uahk%ucrZXqd2z08!Wr=5!ZLFq2@zA6?YK_Y(lm!g}LO03ypbwvZzgOrxbJ05Ob;oc05@ji^~x8rjEc=a&zw}B1rpDNYpQV#Q-r=r3x-p17`hMGZE#n|JjK1+y0-n+C zXsg@>X~KMb2064aEgWuYZ??;|xNCms@-DbaUrs{309)_shwAT$xaY=P+C;GdV zvX4b;nRxc{4$swREeCO$z@CeYb%>UhZ<{8*)quwRs>9JbytRo=bKh&rjs~F;rcP;L>PgD`)FxO}80d zJN0c2y;*&|yvMIoJVV%aSA3h>`aiiF&z-7tcP{~MJ0(5*(l{)hNeJS^JFai%lZJ-l ziB&cKOyKxRLqBdX(N(v@ceCwlxgCgSiB&$v!`^IexqtPNxI_1gOoU zzPeljf5*p9PgNlIKcIKM+B2}^=no-mGDF5j)yAoBKFSBT?WM11KZTg);%t6$Wbz;G zon1*nGSJ*>vSF*`g_BzZ;$2J&^z z6IJX8B4?)WYokH+&&}3ECcl97cH-nF->0)!6JqYIh3Sz#X_1+P zo9(i0F|}g-^t)ZX{K^O+&Pj>NNVj#XJ`TZ4vBh4?k_+lvm`2v4rvgE2*uOjlz-C`( zRr6rN_8`b)&lyy_iUVnbq^d`}L-fgTJhbD8rM%ihb_c$|M?<3cZ=d6H+6y)%w5DR;PTn!@DuGO_5QRbTQdc_aB?g|$5$kT7375p8nLO`%WoK_Z#Xlv%zp8c9c-yF0AnpuL0u zt9JE_P%GsktdJY35num4C>k{DAXCUJX-VK#cT{^Du?11LT`30MPEUQyg{)(Ln^{AP z|6Y|0QSyL+D#z?e1c9LtQ2ywJE%h{}-zo-MaMm(4TD$tMFEq0r#uR^6uw_&izRBZ6b$4mFYe+(ocPK(qwKsp9U?j zrwn`{*A*0A^LMzf_TPA&_0+EBna4jYvx=-RFxPQLa62iU=rR(j-BrbJp4hW5th)42 zz)=$mxN$_i%5>xI)CfsM8PmI z#s5!XEoQ2VH5Hs1l7?TvrPGafl|8}}0vg`ji}805F`lRyB^_54Q$eKC4R+~(HHq&P z0ZS@Q&2}%ihzP?r|1A!Yfn%m{4mWIE7J4C=k9gq1ga)6w0&#*~fT0ZN?>)bGlX{mJ z_BP#`D>l4xJSF|#AkyK(%ST)WnqnSQq>(1QYFJPFN8EbGld&(aet{tHT>9yNv5dxn z2~r6RZ3oaDQ2*f-Cd+IwmV6;%cCLFoXZc)E zkr8GjbGN}o040~Gq}_!4CJU;Wc>#B#@?rJqlr@fTdCQxSTnvfniikHga}*pvMuUOo z0>p4uQ-DKL47CP3874F1g(dVaV zYd|_bi$WjxT0O~4k$N+g5l7XUQK2Zd0i`UgG$}R#VRXM9gb9r|J;EpJ z*4(F32ke0S#-1iB=n(t4_Ca(>Pz;uoG}_S0ZW}ffLzNFuahB#P)e>v^MDWK{*tfn1 zm%cy;57@uN|W_VEXP){$;MvUZKjsZ^L(}mApx}TI0%q&HnCCg ztQpFeiKp6s<#$0MVn`)+{+2q+FcXPKF{F!V`ZU#B0lcH|8RBB;cyj9GP4A~T1c0GF2%=^DWJw&>pJ9>-ueKE6r@c8_y-`4za&%(KqIe0-3)C(>`~G30#aH9*xSWR?y5!R*Kl zK}JLf``hFH5Lcd 
z*Mm`zQ@67(0%oD9{@C;BNmaPc8GW%#+W#%DvyYpcfc*xY{`ktxzeaRAO9E%^*76u@ zx|-c?cT&l;U6GQ4lrjCZfj8Oi`E-}UFB9+P-OeT%oc#~}#7hwE;adbw9uaC!^S}6$ zC;)$|`7i#o3c#N%tpWH`%fIm_JHVD-{SW@s0>GcFtv~Q5-=y;<$0XOBmNvXG9HcD& zey{T65S-Ab654e@p!^!l);Xsqd zF5ccPtO8~+l;t+2M2BcnZ>5A_*eP^58u~KM`Z*%IL@~cc#}Jf>uOLFH@gM<8Ij4^{rY#P=Q_LZ1bUII(R_2=Hx+Kt`Xfx8c-3uefqqRH;Pgm`0&*2lm=I4N`=rm zQG7n&v?_8T6o5aG%J5xsPC1Osn;jafY=m05=SSlZE`Gr)TP@NeJ3^weoz60dxA(US zBI~W8WYQvR3IK6wpRxCnQfMw9MuP{~Pp22-DHZ_xiML+f#NRIWNW*!7O13P#eF=s#tmz8ea*t0@*g#I zgxrBpE4k*3N>p3W9CpQTh472H7Wt>BwuNsZS>*!rV)Y<;7p^5Jz4q6#Y%5D_gQ?S! zX`rAZY9kyeCTB(ax!a`gkxDWw^x(|4zZ~)`m+}{;^CgR&93on!aU~JtIaRIEL$l>m zF8Ku9VMozvO3`qVi#D_yS9y=Is0=fuG29svbw{{sky*c6G?Ho+=z6qj?~Qf=@AVXj z8uW*)&HX7tVe=7J%i;*Q89iVxNr(vsDo<*xXM75}QvF+|Wm?j#&U*U&c@v5B4;}C` zUQo3k>*A6DI#<613cQn?5U0)XPupB<7v@I^F9hi%{}FP0!AD%_=oNFr!mIMiEklQP z#1@48S8H{wzxal+n?Ydl`MeJf?>_o_Dd43_i;cMDkO?}$xukW29q>-PVeB2yy7@fH zY*D<~P@VR-;>utiz{FDHiRMDn^K%Rfg8F_KU63I@>R5PaFzG*zt<*^)K-tQVC|5@B z3QJnBzS~)RNdyxTonp32*HDQAe&BES+H^l&2yY6qstcG7rjh@-5l9M%Ivt?&XWyhk z`SUKqxg^uq7d0&pr&RG2I@Nt|>Xg8(Nvil0aH!#t2_=Iw`~u%Q9LCH*7Ko=v520)` zNswTn4oPt0#?YC=$dq`o1$Uyy4YyXfX^j^L*1gK73t}hj!-I^I^y8iS-InF6UU?`H zf>ZnV>IhJ9+#o$6|sbfE+vDokw&K!sTburZyz zxSvW)-9Jjq2Ou-<{=euG(I#*42m0i?9asq-4h|prV6R<+_I8^t1*X2g6$&$;DphUi z0AY!QeG9HuRL?epp$eTB_(S&CMt$oxWteT~)*4l`J=RB7VXp(jRd8D$94Lf9P?9RPy6VS4nB6(=(aFk@_+ZB#E&EQ;*XNa+?(0 z1C<)jjLR0G>eb>EqimfArRx>GYPsfqO|?)Cc@e!`a3;PJ0kNsj)!Z8LKnR=5VLhm? 
z8vgzt9iQodUD404o2Gz)n%os#kL{c^~0*2m@svLbZv?T?{x&yTx zMl?5dN#*=Qxq!)&$SHI053&$lKcv_@QhSt|<|C1a%(QguS;1sJH%Yj6{xa!Aw3k`@ ztu1yV@sy}*Ttig7*?XAN??tNZ^s|aq9!>llHbVqm9W1i}iv?_kzh(|GbuzX%k82LG zzI>uj&j9r49%x#8_DtIvfIh7zeY<45EIix%M4#dS=o9om=u_q4TEL{&qD|+kx{S#E zHu*{zOPlXt#4-MK_Y;^*Rh+dNo^#K)wk^BbHu$NMHO3T#(co!`*`h3Qf(_Ou)~UiE zh1dBXs0c9uSg}=zIQ0)uf(-H$3V)GFbn#gx58g<0@TnO80tcZGaORe z^Jy7iK3M}upx6JJPfPzbpM*h8DF|(rH$cPss7*b9fda+@Xir_eSWN?- za^I#PxXprI!5RkuToiwVmYOk96}~ZljgT6^WNHXjZHWOi6RmPDBflh1TmlwCI(Yjb zN-ZP*wgJ2%mQ5=b09T1ye_&q!kWZQakWb}DM*#BaZ3sXjV*3~QwE7SE^x;&| z_I;91btgEPCN;&SF5dcQT}2Oz1Aab)dI_vXG~YVfZcYVvp5|j%Sc(A0oKNLcyb=Wf z@+rbH*q#_bK1nB5M_SO*<86xOEj1O((JK9alyZFE_8E*GW?H9XH z7<}Lg4Ip&3OX$rg#t4C-B~b(-21T?ja&|V;9Q>#aZ#T^iwXG#@rI$p(JQpwdGjyk17_&TZSoZpxE;r+_7?+{>Cz{-L~=Vi-5yT`ul0aN<9B zq?3KeF&%iufF0Z#V)EwCuxQ#eLFjWsTnGw=q>Xjlb<9XcdYADjvE$Z@CxLA=Unc^^ zHwbtx@-p0j`BbSSWpfH5k07fVw6^Vd<{rRL^A^T_krc$$2T_i zszkOCDc(fGOxIr5PmETQL(QBfrAk$*qVqlNgWWdTUd1`noXHEK+^GTPlO#kdNQ^5W z#!qgiq#Xz5o#eFD0E)Veh*;hkTN=`F1pz=+_(v_D^j{GzbIt&JKEe7DCA*C;mi z6Iu%@;VNlpNJx{fgEh_Ga$TkuzPfFSE{1=K3^U3SE$Vuky?=OO0?)O=KzUPykXE=Jg zgNNPjIqN~4$x~?93GH;)mx^yw3xo#Wh;KjxL}$uiM@L3VURg{HZ|n4C*o5mc0uyaq zGF=JS0wn7RnedZ;-{5qtrD@QTjya?$67>`5m7NHThK_N+)T) zYgJ$c@+5idH8W!h@z+HakS>5+otH*muv7sl%QW%g_8_(<@1)XB8V@4U`jv{jnoyN+ zzWpvJ*ON#~z6X#`6Q|F5WnfgwW|zO?&-4+m`l<}gD%b$zQ*p=K3H@_Zqt^8UktyyX z9vew&$GE3E6+`ddMs8k-22>&$#j)ST>&m5X#_xAa`^&MSiN5!nuAcYILH;+}clqbO zbbjBq5A$iy-M+V{m*+j=;{D1vajfmMPXErA^oakPTVvmQ*{qjbvq-%qF*$8kIUTPc z@%QHjLWuROoHO^sM4Iw?gPt~7-77>Fhp>(BX5aEATc#xAksExL;!iQ>eOriH1ok>r zeS|W}vZ|3%`M&fKExVs$OQ#~y=RciqoY0-;}bUUR;i+jR(Qtlh;r4$pyv!3`&1u@2uS|KyHyoiQu{N zx*8Q%1Krx7ZSR+2-7w4>%#?Z+*chuv8KygSKpCs4BpI-9o#pB=2KHD7&=#r-k%B*J z$>2OEMRB@*d;Jp=Xpi@m^v}OD8~iKSvnYi;-Q5vvvU6mx0~0liRc(h}P_XN1mTSQP z+76ukD@W}b3vpaHcp8}S{B@K7HB3M)ah~(Nf>l8&Vus z2y!66K9p(YS6@zh{nP6*kJMXaKRn@iiZW5U?s?>Y+K^dFOVyBOt4d}2O5P&*$Cx2! 
zi&1xr5N|6<-N#n+;A?b!kJ>26?cbPXkI@IvnCmY)=?4)A73Iu)yh8?_QstB96zabk z5mJPohY|RwYR87~#kgBY65#fw`Fe@3 zbzfLOqP*+|rx;_C;hBjWUq-Nwvdhg4q8Tdf8yXe3+PebxF;EG038qT}hSN%C>KOEx z*E9&O4FkSWjbM73m?TRp5dt#lwFYqFne zXd6Hu;uB6~v9C zz02kAyr$a%UyBN%)a}Kmt1|UcIO=+RM`dRgCcmUG2cO!VNf8Y3y;}q=VLXYx-3HX(9d{o059UiW3q%@JIRcY+d)_HahLscJOqn! zi8XxZwad(0P{;9Z^X1jgVxe&Sy($MXCksV8ODIxPMWKWtt0u9zA(SJTqgrST5TB9+ zk-zi*{1BhmNCF;;PzTLmSyvZ@{21S#_FC!fzMlH%Y#hz86iP~fW{D~dNWoJRK}%&mG@ zGV^)rV#a$#p#_6rI!?qgK=quxo?)<8EXG)1^A{m9;Fk23gm-1feiroKjr)VAR22igAvazr9dvE?FK6(2UKMxG|VF0NU zHJ}5Av1_`W7QdRA@KRc&Bw0?)c}98prAb69iXA$XE@5r#Mr>yOsAwX|=_$25lfo&z zu4FY;QR?V$1VNJiBfGe(F%k&|mcq&<21i@G-+3b?TYqN=0y?qK`*oEN@beC;J1f-# zsCoBDN#ZmMYWN!nTn z1EnNyccs-p(~`)P;yC+b#a*p8*6csA%vjC=r^d|{_Y*!=K~lB=kEX*_cV2s;05MOw z1Gdv5Zo;d?u>l^t*9qO`2Vl>*)>1}elS==#2X=<~m1d(Hprg}5{@fg>fkZ%8z2F7x z9xD|GV|hCKyioK6=rH?`U`uEU_5E<}4@lUA#?ZU7AFB$B@LHw#Y=>>SUW0n{1$ZQDO<;L=bTrK z@8SMK7vhlgJ?pcAAUjEcS;<+Wy49FEMN~-w%+iDno-i>P1BFgAW(n3AR-Iwr+Wqv7 zLNqPm5rw=CS%ne1*HS~-H5{Z#slUD7(}$7*N>*?aNMpo$C|v5OaWHl+gk!hmcBt4EwdiQ>D6Q8owCx?OZUkAMx6V z&Oc%=6#AGXMr>vQQ4qlge1J~~3w8kT2~}ycm+2FHVor?b#x3AMW)%V`W@T32zYGGm z>v$HTxO-oVaT#ix^Vapny2gA z6dts6jwZYbteXzTeS^T;3eg>5)=7A!(HSV3*}BQklRKQUhn~{W5qeTb8&dV)p{xG; z1e~$azl$G~f)w$&H+s5emYQC3)TC}!Xxlg5#4vr-UvwkaH7AkP&#G~uTPd{(*4@_N zRC5Mf&dkt7HYV3M>rbcYZvD|Y?otg+cd=Fs?w|vz7NSF25m`)2o=AZy8dECE8hqk^ z)mn3a7Gkj$%_tuxz=+;KYX(~9Djyhu2W&->&AE3FjoS{-CyBO;?;fM#Gdp5!)!xI@ zR^Lwlc>Vd;Owgc5&wCAjf?1Ql3C~{JW>v){>Mx}AIr3$7i;*_-de+m$G!~<`K@Cxb zN6$t#9KArM>C_cqLe?_yQ#-1iE_rKucr?VDzh}{=yQ;c78JYcG@2bwKtY>8n-s)89 zX$_g-!2R|9$std*vMQ%$75^aYKc3li$V_!ZX=XNJB#GaC%jflU(7J11L4%C1;Tdt^ z6fyISpZw$ufE`B*>@Eb~+ui?O#1MD4R!|gkJxW1C&OtSqcWg(+K6ly9paqXz+7+Sq z0Y2GDTiRMGQa3^A! 
z%Nw+Sq?$@`k}{{(D$s`1`|Y!~$EZOPu2o^v>e8A{qSSsZMX^`m#YESTW(LXaXOdGp zqe(AhxvkZ3kyz|hD>ackh7*FbM|BIkAjM1Y6MSTXU@kg?aPkhupq=ff&ZNlUBed!T z!lCVxmBbi7JG@kZDsL-nrxN=Uo==c!{C^4N^-jSzfuAiR3kGnJo@N z0agiS8$BO^u0(I{tS3|2=!z5XUnrdi>vtVq#_iN( zP_3%L0DNkH`bw^i&W>mII*KSkt~Wo^AGpb}G;#NrI^yh!C46SWlN8sBOKJhI6?iab6Q02Wj zobN=>)#@QT*h7j4mzQO@+7cv3@E^q{J6#shYVT;XEi+kP-8X&Dr)ZecGo2;v+c|pl zA(COH(50Sp`Pvg$Tk3aG&tAmmFR9t;+ON|%1tNC01%>uNApVoYr5lynNrAuIg&W?J zu?DZMneQU>sNxoc`UlaUL2yOA!H~0W$K6ImwmcSATq})X%=faoX{_pNWju+t6$Z*} zz9++6i#NJ5n2EhLJ@X)GMxyo(Lgu%>+@Abr+=`~i$g6@(R<}zN;%OIbAj=zG+lygi0Y&x<+10PJ)(Z*()iWhv ztFq*a)e1J_Obbq0OFSxx=|lkW>2Wh2zvkcKlPc7)JzDJ2P!CY@JRPQ~sO<09`C3h# zkiB@YeIU`BR7!$XLJ}fLuo1-?6Q2}FbP5{1(8wQz~tDi6o}J#jO1w zTQipMo@J^+0r3OYEwe9?O)O4F`l4(D)`hvz+iXv!BKF#HP+8(saB{Mi3`h|OF%38MM(r}01au< zNfv$W!LTLY>~2+_R6YRuyTk*`RJytw3MMt9)@$`(IrnSg69p1eg(tIezs3wiF?5nS zu_<8@a6Rj$BQ0f~Ye`0D6H6N0E-8w0c9Ny4<*l(|k6I4L3w z9QCTt_<6GDOwzo(`+n|%=P*nm7^8|P3`XC@+)43ls+TxqQW{4F z39VxATRBwIk9Zv|?Veyhvrz@?z~B+10drGGWPud+J6{}W&!kt8kr6eBke8W1NpH*vCgzRAeW z1+`HFRy!&7teSW$Z4O26(MSMWZwofj6gl6fNO+=r-T*f+i|;eXvJOtI4l8SH zR1+5x|_?1u2U;4eVsAgcWlg zD5qCAUr@)4W=r@mrf};%x9_Khw6H8jeniF0iD-rTHz(7*;;AxqLD?^wDdsb}M z@D5N*0w>M(Kz=D4{$jN%tSX?+tpt-F?xatz_LXg+OQDKOyKUm`w7X1Jtp!+VDsStI-sHg>h1u&|0vIgB60ef(1E?FDkp*%5^G`W(5^g~GoaBp;Yf`|?QP z-ct^N$waXWB6s6(HUwK!hUVJHK$K&{8|UK&SC<;pxgal^R)}a`4fN2^%Aq;4V@?^m zP>70A1^e4C*rmk6LyIOBgslEe-{9@UeEgZJFaA84cwIh|7msLKQ{iokPbl_RJfoMS zo9V!yX(^xcEl`t}W#tZ)DI9GRaO&<#r2QC-KrT9vsq{Vs?$lAK>fYimQ@xFGJG~L`;9!#~Bu*7Km4RPID z8GG7c08o&*x+NM<9WWpylcf|vc@7mr?AOFC2(pDzU(Kk>&PgiTLZbVkX=kUX9kOv) zA&8>vu;nF?2}aB2J29E3xLZ4V8X*-?;j8}GcR*J>1h(1dCc1wQ<$QzBu?coQ5cYie zDvOBWBGohI#PKY$x#;QH4YR~%@eR?28L-#kQR)IHm5%JPbxKzXbw`l?H=b-ZI5Ve! 
zyA;%~t1raE&`=r1qGgH8-aR2zg$Zl(RUgNvD^Xt5E3!KGAL}g{b&!*(4 zL;cih$+J-zlz!oDN+_aQEIA6;CFKf|yk-el{B%`P7nNKL+%RvJmh zE9-dmwAEAiGI)us%4VS%mt3T4xHNX53F}{Ve-OFbna`=Z7<2 zs%L$se@$|p30s_57zaRLvC$IZ zTm7M4&K$vX)G0S)x?KThsOf~{Pg)gITYg-uLTMvA=jAGiAFoqvJxZesH{7ib3!|k3 z+0=`K-$j$V=wHYUiaZ(;9~XNRm5+=H*(tj{4lPOWg}5n%S^QK80AV8KB-6C4U0lo# z)u^YH&xd1`b_w>s=RwO^HVrV36@WMkI$kvL!liJAJHnyhDngKMzS4RteEORk$g2t@ zX{EmBmp`*Z*nzrqd*A>#Qt?yTLjCpZV2tYSiGO+D$p=xIcg@4$zM*-#N`mkL7Aemq zsauB>%%r@LUQxT~XiA}F=Law zd5OvLaluDS7dw_rU*cQh5pp$aCL$lHNuT2@a1lbZVD^G?{zZ`_cZ@t`EYH<2=aVrq z+RZEXd~{peGE5)>EPFz6?p> zhO+k}Ztuu9kM9BzU*LvtKsfGjelw`$8;GuU0H5}cn3|YYZy-+jxGuE#xqd7UR@{g3}G0FIHfJJjw9^ z6<9ZqQ~h_d0Qxm3r;~v3w*kbr06Og$i$AmjNl=}dSorr~)l0jUnju#|$E3xClMjVf zApe$+E&M2}U1V9_J5h`)YxXl%%ze5OiM(PxU((1J`-c@OTOXa|F*e071K>v3ANbLa z(HHxrO~4gCz&Tpxy!!Nx4*&iIkVvmKfR;tTQ^s!}K#_gE+pq@5U=?r4ATj_uYA_kr z$T&*MuLXSCRze<103OYCw8`?n7SkG&@(p|SlPt3Xbk(I#>Ie?|LqsZ_9RqaKR~ta* zZTal2fHkTFy!>;;ashBs#eW`9=x3CnxnEnR9-Z_B12`c7GE@UVhOk!wcRqz8Du8+f zaE?|MM`b+c02es`i1f9MDM>F6aZJY3n4H%<5I`a^C2i)f0AM50=Y1N5=mQGuHDxM( zrsd-k8+j6nJ&mHWQlBd{0C}{qoC}ixfRJ9S6DI#zTJ^lL)#q0SSk*=#0DQy&xUjYX zq^qN$`9?-9jBM!G)DXbE<6FQRJpX~2GS?QM{Jy~yFc`<=`juew;xQaQ$C<#3c<{FKtmYa3+C7F*HocIHl40uplhQu2+fPzCik+z7a z!BhkLxz#!ecCc}X3|=x+sEdBsIpP*qci2PDpCixA+3o^+ZQ%V;|Gg_inK)ux4e4Yq zxPk8pA$wXo!rc#l>DuO|pdScV99e)bdLgAsUs3A|r|{G}G$0k6%UESD&KIlrPJ69|95xgKNQ;U)<0V z5{W>QFQls<0#a{qpE7jb{dv@*n9(^TZW%JCz-3N_Y@M285%c6vKE3_%zD}?yuzo&>lN&f5`6#-(Y;`p%Q6( z3Ji|9B~w|Ap^>`CX3C2TS37NO@_eCMh`vZAam%OjZ#RlDRpeNX-B$6d@4rr&m-@KO zCVHKj8A`)?(ac6t8K^boQh6qMkPYmXRkq?Js%cs&o{Gsz@x|Zxkvc7*JJ6QQ9^1x|$ zmLKwuDd`j_!!cDzw-N{-Xu{zwiXPy;3kaI{Z|LrR22J=%{+IxQCXXH~XyhhNnNs*l zG*S7zIv+t3pC|sbYtn)!WoookK+pu+C`R!=L6hijfS}2fqGe<^Wu(pUX%p(9sjf%K zIg89XWe>-pD#2W1zt23;o7rok3)4{rYZR9~|` ze=-&>zo3Q7@l(8vM=G{S0ieGsSycktDQUr{i}E7p_T|4#i*>5d%1Pbm)St6RAT07< z>DyK#?wCzG*bDjkduZM4zYGh`{x@c#%k_U_Cg*hjU(CetN_cJz_akP)6!!0!i9%Z9 zG-t*^0)}xZRM`z=qT^&DsEc&cAD{!)mjxd?eCZTY4hPUW0U7O-<09TKK2!5p!Sm9^ 
zUq`uoIPY~{K2j#W_YQfTA6NaOJZ63onYK?RBVzy47u*J?*qey0X5FZAc{ z=@yU%Kljq{)lXzSYx#~Smo7scY>%HTkf8{Vp#gm%^2^y4Kp@ShTk#X>eiBH^d2&Il z{Bs*J#wblTrthRDfx}9284d%?fLfYvNVgfU(mooQqfaYR`|wvXSG@C+NV@uK&VIWl z19xs5LHARYN@!UY$U2j#yfeFrqTgg50uI!Ze`e5@zzybYQ~?MirOh!#1d6IlUM4&$ z62&+;owKdm8=y+Vt#Y=c`j3nW^su+n7@BO_FLT^r>#X-;7XX3e>7H&xB$1k(|K4%0 z-}h|V_+Hl2Ll8&){yyP_{ zzh|wZk_(Iux21+uiR07yTd0crHMd%AfZQpNOv~m>kj@M%stgM4rxb4wn7i)A9^HxJ zmBpfZ^i$;Baz$Oc5+E5!fR%y{8c}oa;Cq(SZ+Tar=@xrz{I!HBH>uC8W?Y?#5a&Yu zTgc1p#@P&&3vL+w>5_#A?NnVY0zR`zYb26hQzMT)!J20#>@JkC8Y|;p4?PIuEgZ&h z#tq-qNtR<(it}c>;*@_GNK+)Yj%{k+x%&J^iXphTb98TD(ryhk^=eRX7q)ZsCN05w z!;{HU{IzB)H1q5L$r6RTbJzfoY{~@PF?i{MItP}sP8r@F4Qa2pnGKv3xp9<2Z{C+= zi8NZUwp1lQe9vKDxEy{OmgpGZCt!D64sR{EG^h&@k*nGT?DacLV$<0)+Qr_Q!eCUC zb6`9pZ)5&uOXm2Z6#NcckZb=TVe5J-^r%iRM!D!t6idhyO`A?$6jjom%b~AQ^w}kS5I=-r#C~Wepi&0n( z+P?`TXo7zTq?3)>LLONz#Z4XR4Guphn$ZH>hIE($m465%N=u7d!(tZK5vAC0x3pNb z5VGp54+05K6+j>bT4Yy#5J;#)2-abQ+{)(w0tqZQ*z+F(sU}L(qUVD^%KRjdt|^tI z;`sms5|xzdE()L~AAmq=0utW>1=`f~lfdbhL`j{+^e5D;216TA5CPL_z^wqPR0|l3 z1S$w^+#w8cv}nU#lQm-VjJU;fDec?+>!=d5rbh3nBZ)uO(C1tA8cs(0TcUCC$m~+5 zh@i0Bm0We=p)lJk#z+2NBCd@Jpa!CLq`Y1;NyVGtpxfCEc^4xw8SDgFtViD%jJg@PhS zoaeCZN4QA%*MU+84#FlZ=wX7KIVf#|u~Ny0pvM&g_Kx+%4+3eXfL$ah9)is;IWQDk zVh|>kc`0Ck8dpy_kCM7)eZWX)o*eRP^SWkn6d|ChP|46ZaA)vy>jU`Au6Ai;cuS~& z$AmK8=o+8GORa=aNxxyDMnxVBsS65ybKrGqHJ3pJ>f7;+=Jtu7LVjk4qY6U)JEPRa zLnyfwv6V(s8)M@yaP*=TPH=`V&nBa%pvRY9COwT2605+PX&aN0macDcxZM#A$h~7i1q2Nb^C2cx&8$S8#bCfM)LN{dCEiOa>CCkBxdPP0?CF^@smIr$UXTe z_$BdhZp4jF4ituJ2+}28pOuVEZP&Lfg9R{)j5 z_*EK2P1nsQ9F#JJtqKZCXRnio9%|`4b%}^aGc$)Nm(MJRnmdrBh(~Awp`v$c8s)_2yiBCEr8_5&x{J}FeN9oof|3ft57JOl;7WMIee%}{39uI zOw*%i5&O$wNBiy{V*A{8NGBfPAcahE>Q0u&O`WMR9;aCi8b}IdIdZOt2q!xTe}R>` z7#VO4xW6!xAP;oYgPU-lO=z3i^$A;tXpp4^zUl^IrowX$-pahszCUesW2v471ggxS zpwo;XVYvv4FJoCZBiOV{}%BTE@%kJFvpv+unh)-g&fO%ZgLIPeEZta>DdeE=2kYpbM*6$4DGYup&d(LE!6E2nhCO?# zF#9&98E*HSHrHwPID38WrJlpnp1j}Pn~c}r``0jy5ED)B1Flc`bjUaGJDhnpIz7LX 
zKc__5<8*$%T&9_=NwaM5n$i1Z{p^YEA-ME@%wvJE3OUXF{3pYVUG`~Z>n4T0L+F{P zUw^B|&ZJs*zA~u;0-DV%FyCIVKR!9!ky`6Ul1#8njOTIu0wwX)^P%DRRGlW0_2w~; zRvk=9FYI#q_W-;K4)c~ZX`(cp2T`aJ_IhFW1l>$}Wa@!|JueP;fPKY-w6AjC>N3k( zAQ~5wURZriQu|jj9TgiQx$R|%KQWD`OIS9|ah_x}`fb@8GdJKI8Un;XjPv$^wdN(c zNUkzslq4wK0gMPXjQ8d`F$h{JbDGwu-{1fG^x}tc-YsuSm(o5$1v?i?LEh>-0 zoK}(*fpEO-kua4C-*IHniigM}l%!9206zv75qIM*2%!hB6lj$|W=0Gzf=I1zuA_29jv9ly@K}C^LVxn}8XMME;n{&2ehblrE>S`<# zbYIn$>e{rgfb;ch61Ou)gAeEqIo{8ntACU^u{TJ{3nC(1bc>NVgjHPa9#xUXe}F^O z%m8o*cZ7AKL`TA0Onc*{CJ+CoI4m65ac_~N$0!PV06{ZU{E$Z_J#X`St+zH{t9AXr zEcLd#qiWED4tNx@D|rbLYpx2;Wr~>5A@d*nbN7H)Ut^SZ9E3C<`V!mlL|&#y>4(f( zh%#)uD>Fl;CB&yTz>2JL2nPLfx?!BEM+*EBYU;Ic;z9t5pM|GGu zz$E39s&RmYW>34Ej-OtU?qkjFtg-`-);rg8;zRc$pw+gw+Az&^Dk>3?>(D_(&0or+ zMorT$+I)ik;SII&5-vQV^(gl;t5b7emrM{=Q?7~N5Gsih2K&9y~6AAaCwbbfLo2p8RgLKdtJ3Hm+#G(>|T}T zU}y0Rm)Ml#h0T=zX*KH&y<%t@3+meU(det_mHGtP=k4|F(6|)mMDzSapZ1t(i}j*! zp`gs)i>gHF^%}ZDY2|(6Uzbm4Oxz zdHIjutXY~4PdM(yM|J)so$oHOth{85H5ZWxH$d=w0RvB`sTT#4=7I333vNN_rxZuF z{vq$iSO^& z(mR-1&+QubuIi;tgiLkt%?;ju`IT!|u^ZL*W=VDyn|a8e<$UQe#Ync1SblI_vzGb35M0uta`zo|{ zGx?4~a(JQy?XkBZNO%d-{I1VoQaz|0s57iB^pt3rHD-@nv^+WX1+bhDHpm|MRC035 z+Hh+|Jo8pef#uI%gvklP>pM^f5&6i2Lh&5vt90Oy`Dqs-h{sSbFT^N?SvvVV0ltzJ z3L)Y$Xfv0SCo%Mr&8G^rSy1!Lw6qY|QuJSRPO;09FZ07`NNq-16~aN5Na6Lv3Ggg)9{n*i_y|B0 zMpLT8LMuR~xJe)2&^jH$tR?fxHrt^X6?!X`0>+o<^3Q+~Pre6B&<8lw`VTln<$7$5 zv2JJn9Qj5a`&X1%2EC{B_8)M_fYNBd_WPIB@-DzxC&9(i{xjeh{7-NQp%xB)ue})} zg#tDn;}aaB{Q!qVT9ry-T0zm)bf;gXSYeG-x$}E#6^7jILE33KRTI$SZN+t~pY&LV z>tlFa^_sQG<nfA3^ zQLOo{#UWBoari>Qtgy^~9!evXYAJABqf@8>4f!o$VVg}04*(8Hsef&fr;=`8{s4#2 z`js+dCB*u(s7EKPe3q46N;hpC6;?!@4n$?m9BW1AeA}dLuVsVX0t)Dr;&CUW=BE{b*MqH>9YE!KL=q6&+|}$H*zwB-oXT4a+Hgj zpJN^Z=4yWiiv%fYfp-9uJ&}6=PdOUma%@4__*oQrF z<&1B-pow2|*jmx=t;ZNsxrusP^`^ZeFgpS@&rnXYp;T{UtcS*gIa((r`veZ#YUWS+ zjz4$O;O+{g3M@@&`IR-{p+rK)KGXeP^zxQUUhsFnhEyD#BMY@)$88P?R@VI3Ct>~AXMzq@ zai?8iGr3=>_((x6;TE;HmIOu)Nmih&YtS*+j@YfJX-%{22nm*!8FxL=Mk*p*R+Eh% zPSc?s$(9Eh`{ey{Q 
zawqIiS|-(jy6y8s!on$P(%@Wy8nvfFo}t4tc7q6~of9ro^E=T!7tnS8W$<(tE;r_L zgryiSZT@0i4!N7omIWG>36+^a1-_~lsBot+^%ft4T-To)BjqCLQD<-zQaf(4S+^6L zzYZ8NMfo7R2qb&5`JAcniK@rF2yBID`wCNu&>6O#`x1i>BJ(1 zFFuI}{QyTEYfdVo?)KB0lNRcCc%fmZy8|*jNMhy78ax3`*(wq&a{|d%XeQlzI~k6# z>lpT9G`g!V6x&5Wp70xW1;{9rM9Ar4xH~uwG=Vk}X3t!163XAYsS7tl=`}dfY)RCU zPbWgfGYhrUuGF0AnNQXC^6UW5Ez}4(``7jWi#|s26|ewo`>sJhCV7iWD3zhk7$0y> z{#nh4dCop8d0?5P$F~1cF(exZ9l3M@D|G7DZuk5r=3Uv@SmuMJU@)h;cV~(H^`aUm z4U2_CxGS4!!gt&=tKuG-99`nb+}@4TFQQ?Z&k~~1lHP3GFcj+!n!}9@#l8#S*UY%G#N6c5CS;3m8I#c0l&Ae6kM@e)K!T&+4P(IR+hr z(OY|-s8Py;X0xhO?)#;kDs!8|Tr4`~I> z&bWA%qIDGp&T5ZA=~%WRVlH`t9;G#VZFHcvh~g3*3BSsNY^{WrmepKw>aP z6R5+BJEsxB+s3(JK5E*mnM1~!>UC*lx!fFka1%{qRY|Ba+7MU+w!*36Qn-}>-`B@Og(B;oEi5k13oF8c-M>9F1lE+++?w*+4>u@u%f0&Tyljw2~5u5NZ|!JGDLvMec~fFf8==Y139@Rl2`6(^Ai< zFC8SN0zGNCK zCEA}svjZM%&N8|Zy7+Pb;GrZ?i`$>ER|0_~{QiAwQ*;qW<_MJdL!RW`J21!RBfR8V zMdZ8*vf%?TUEmME%^rX(*I3FfvC|OprzaYFX6_*3VILF)|DQ08a;0%P2~_#lzq3C~ z5*ot6D^Z-KB|3tf4Yhb3Nc%vEv}V|eXU?FgWbMUE9mUwApy-&gu%nKZ@29oIxf7lf z2Ek}3p$5482F5MD_EsWdG+rrGP>lYc8P2|{LiA-raPr--gbCyk;-(_QTnT}&=C{4@jc3a`RTT+(DU`S z#vM2aAkDcY#T#nT;4>Makdhfl_6sg2iEqQx*KZ3 zTdEjp?pixKq+Mm(vQI>wNDqPp&f6!>STSW?b~mt~ppbkz zJ37dtrASx~cYld3j;U*&m?8Tls?gIG1GE6Nk7vI^21`f|NDd*gR*j({hf=7A5!1cD`T*#PZE82E&TX{z)Ql%_ zp+qv~-O@4?QhDdPko_UD_8(=}zoI+NT~ntA{4r?Hg1xq>+o`>Y*!!(ob!>~??mBwZ zcY5KpJH@1Hl#r9Av&N(hSgWjZUn;y|=Ix?Lf@o+;&$lS9-IRX{lfq}sc|Aao@n+#naPciepLybUseUoFVOsx%;>_=dIrop|2Fpr3ixlxM3Z zB}s+rBs2<9JkUvb*ygS|3RLlFgBOo5R6+ic3#zF^92^@SAFvhR256M3qV9f zX)Q-50$dVI7$SGo9yIJp(6d4PXxRXOv>GTOzaEYuD*0UQ&nJ#6*(9;%5qIo zXu3o|U25(-x4Tt0250nYr1zLgVO&Miv!&C;m6+gK;yP79a5;XqA zwrUkL?1%PMc6!C8m@U2f9X)Or;>8h6pKbRPu)eh<$q#&7T->bG9Yw+H@^N;nz=zLs zffmAfrNgw`Md_}h$YRZ3)(S}2S#!O!dK5|dm<6TnjzOFkr*#p8hvNxgZIVGo{o-@U zu1b_0u0sSJml}@D1%I)^eArEf$6&Jyx*7}%?SMHO_s?Svia09YvC{-3%J&DTY6fR) z!z?LWD;y#u+cO9!Ii)F3apM;6Pf(lf3y7NKf%fV;rhif_PPIIqg8Owy0;~VCqoG$~ zTXek*W83!C)dah`W!Qow0>|oCK&p5QK)Pw3u=XyEAxx2$_<74y%Y=`IIjhT4N3qUZ 
z)`F@g=SPu&Th{xUaDt>OgCIuinHVxpMZe>tx6A8J-4&kdjCg&b{?dofnAR?PeM?Ki)eT{z z;?$<4;%pHmC8y%d20ZhE#ZS&EJ6L^sNY3g58lax-lwB(doHF)PR2!u2)W~*Xvo=(% zwjgwh+|du*lMQQ6i8KCoe7hTlA%J%iqWC^--9{w{R8gNwB`%FYbG%V(h8F%p)$f6% zR&f6IC8sT`UdZ2DJh6xGm&|1jP!q`uu(U7x6;eWN*d5Di+3#}sCWSNs2g)T4!OK=? znk(?(A0e+1pMPo;z@d$#y0s(W&FN#9B21i6gf^%8TLm-*zFl3^E(}*&NuR<-F1m(M zYMEq(aHgWHCLb3RMzNpQ{Ghhd&dxn{&>V(N?e?bXUhkjvWD=%&zhSUnZ_N$m;i5SB zz%AUiSb?T)PBeS&)XJi!ZO+pmAko+wN~rQa6Kj`^aT$Y7sUIHE6+^p~P!Dl<`!!T) zRsA9z`qtKbHAgl`b>lq}CaX z{>oq*?H4j${v3Lg_aC62(T9MVBz_HOl9#1fS1`!;&l~y9qZr{kxfs^SO)j;U>SU81 zMJOky%w~7&LlRN4=Smz+lM1{5Yh$IkOyN>T6V!GclXRQ=?(Fs#*)CF66UR2e{|pD$Tuk#CG~=v9Os2ER*<1f17%UW;QH1JiMr zzOj87iH^e=S}85BNJgqN){742vsG_;eM#NE>X7;zs;0=Q&}(~JxiQ3XncZD)gG4bJ zM!8((+X&gY6~PLm2Rz)`Sl6iMFFCiIC&Hca%#v5GhigyftX$$lU;I)#2lhR;3S+3w zpF3h@85s&~IjyBWhgn%i-y~jdo{4U0%lENuH=?yOw`*}8b^YOZHI5qQJ>}4s1Q)sK zQ!|2Th0FCv%Ul}`jCl5Q^>|iz;5lbN$i0~h) zYSoK2sx^?u+hj=*O>y&-*Ul{{K%L({5>%QJqp{)XV0;lQ?b zMPCn@s4!#V%meBasM1r>>FW|@OM4f&-LZB$omG& zY&0YDFex%4BM_OBzKqVxj7RHf`l0<_ky~UA)<%IDnWw4ma8CN0r{jv7)-!NR1fqNAW!J>|#?>?=MEemRUt!GbD*4XK4%LX` zW${>8S!Caa@o!W-9O;walwDgdMsz1lz6CYSLrS(kJ3me>ZTXsA6iUrkRRS^?i#SM4 zjB1k3GuYx_)YLra&?r;RVS%naC^)NS>O9ZOV6eOij7yg%_CeE)@-5daMDS9q_M1PV z&qlqVUDbg|%RjNd;atFR#idTsAZVsZH@R@5&ESCon`fzPiwyJ1!2jyr75NV zOS>s!hkNvvAoMY#|L0-~%W35F-SXQcqBsO5Nnm2(h#>j4iP9n-nFufB$gkGQsg4<7 z*1v-6nW&y$(^H6%%wpn@VFhn8&x8b1SWeGGfr+5Kgu|1y+`YJDY*ipY-wz2MTvbZ?=6%(YLHt z-;E?FJmWN;!+tyUPGCNJ$rE;@9^^wrnj=NHQLAZ7n%Wy&Imow0RCYCh2|}Fpy`a>&xpSnpVLvDPJ+`Qq(eP$#bWvn zQWEvoh7A^lhIA{&| zotqbL3 za(j`gNfc?Zp>ZC0p$>r0>>=hS1Hz%c7h$y00_>r_Zvy;@(n8UHeY6eGF9-N-0n=1uoC6)i}2UJoqJkA5~o&UX(<$o#wl*aZj$rE260gxxucd$kw`SQt{ zMZK83cqFT*VRQ~aXWAl3(i5G!G=~>K&=Q?;0v4Cn@FI*mLy`GN3D0Rz;siaBd7MXg z0M=|J*AE~{$vv@-E&dPz2+>u12r?r8?3~Z(3XWp+d|Nj{N&rC3ozybG*8kK#S77$j z6TJh_l7JQiD+RP2;C&?|4x{j2aTb)=zqX9> zfaS@X;a75n3>Z=Ksy%f5Oc-p`)ck4U!tEw})3#=y?^52n9Rj01I>wNr5+D2`@FvGYCU#CUXTd zhLS?1SxTLnR`~Ytx67|G*N2iRL&0R8N;4%Mx!OJkqsX~^NJ4q4TOGqws}bQ$bL`h= 
z4UPQ~&8-$jM0|H*a1n`o-lTj@x8<~eI^0*bShaU>zB9uVnHiApqT(yf0Dn`z!owOv`LBVGJ#iyN2FXo#7Q8|`%)H+ct^6Qgmgl1wc0_l7Y0=L?>lHp1gv z1|mlPvjh3M*2fgv&?{wqqYirGr7qU7HVxR6c86J*fQo*$!HTH&q<4BJ%cqOS&&&78 zLIVq0Aw=L8><0_|)(7`zHYBv1Wc%2h`shx!?^|tbDZ#Xyz)c)I*t9Z$ccQWXHWHOw zPEzIB&^Xi>8r_uII~>!1I4=NVs74^7aUBNmrq?$hbF%yeQAoqV~9MgtkCMmVdutb!zZn+)^7 zPpo@a$-IZc22>A8RKPr9X2+8goi}13Uj7=qcP~Y=*>5ez0N#n+`N&MtxOS7qmg0M4 z^d59;cG7(4S{yfdK8rqk`7xk9u;~jmaqN5xgs~GhMb7lhY|Zlf$BOc0O(0Ay4~a^t zull0BxJg{1W2sVJNBy~1b1%1HFxdLFy;Zh(9Q6b*(jz$h-Kvj490adf?W|IGV6W#_ z7hCEyg;!2PFu%M;PMpxqvC@XNvg7+lN-{f(zKmVDhFo&!SZ)yS(JTJ|Kaf+~$J116 z?W{${nNkB9`90ObN*dMx*k?>qR)cq-t$B`|g6Kl+wd1WuzHJ~e#tpO10vp_`IlEXm zcSkUb=UCH-W+}pPUu>@_4e=`dU;4@N!|Pe-Cz(qaC$I}FO}$W@>Q`Pg;tE1Q4si!wl|!LkX#BjlG%t@PB~(&BBgCAc_21ksoHb#Fdry zrVb^b4gRta>C~jQ*fThTfF^mLr`qGzZ=8p?y_*hC`=@_Dgbq*WKe_ z>sLSsp~)BY=kcxI$I(O~C9 zWFx`J*v!uH(wW%j!~N~^!3D&OoSa%+?<3HqsgHP?JzaT_&7VsFrwAP7ZdB0 z{*uxRzMESct6HOtUG z|LVyFE69~4-t9Pl!1U01NSA1zHnV!Sn)SMIe8|yg#3BED=MHzs*2Nwx9`4+zm6W>s z95q)<*QnT|>d&79?`CJz<32+xHROuiRz*$A+CPNlUDhkJ_T${|w(CeKF-rrJgTiEu zDsnHZ!cqELKkP^~73idL`vg@~G)sCUiv$2?N&MBx13ezUDomU?tf@3Y3v0Q6UOdco5*+ugJub6zMvl^;W7YE?PUa%ZiBip z8u}489Jmd1z;}K)-5`A6y!O_^T#!O$=^kNWXZU9v*IqQlOTDRGh<@2G`q{kaa2sQ<^%0@rNiUOO^;%skqa$d){7TD^n+VnR82KGF^sYt_;M%`b z+eJ#d%rmOqw~O%H)d;!AdKh{> z$L;oWyii0$2PbRUiL)z-QyfK{Cw*GVx5@|Ks8%y=%PUX=oJ7<^q!2=6Sy|8OVyGIK zm->?qq=h6Z$nOuHTStwA$Azwcou|_+7Q^>FJ{F8KnMlHnVFju$ndoZz5m30D@Jic1 z(IW09!c{bD_K}z^8A8D-)hvREG9)1duvH0B!PGtv7}fqLFKL(~3>k~4GyV2K_6w|e z1aTzW^!#LaIuq6|f44>d@LAq-(IMWN#;IcgAA_L{U}rBL=Kr^0V$d5 za+(poAkDo5?-;C$eU++XZxIF>iU>Th^<%8;jQ;K^(Jqc>CwLu?tGKh#Pr!g8-*D-g z7XDB07p%=vZ50QA1V`%4!8e zoT;ktJ10o_rl207OA9i;7tUX<(VXow*g8nU$$oCyx5|Dw>Ge$gb3@9dF6hchx{;;7 zxPy;sEP!J{4hm6w%%5QMPj!Z78+0?JJ*BylNt=ixIlaaj4&UEqZ`Na9GN=hIv75L^ylG>7G|d$>p$?c0TV3`Qg&Lz!!{#(@wY(8Prjf4`*#0 zBEc-M{H4x7|7I>W3<3RNWLmkK*C*vRR7n845Nd9H+6?kaC-KzFL5ZhP4V}Mogry(Y zcymcY792ziPCNwI#F;&JL;BI>?V79?8j+8g&@z;E3I3_cwHBLEhC?)?sPYn0+vj05gbgmS}m 
z_<7i7r8`fOp3j^`b1vTeOYIjOWtTUlB$wF9zP^r8bCoQcQjSYbKS4TSEjHh-*mNGT zSz81h7?Lp;9ZntZ9pX7Acq!!oc0W}idjz@@8Jb<)_y(TY$-Rl^J-z+hiqYrB+u=p7 z+4ti5=Z(uS!6p~#^m>DFtT!Hb9lj7PZj>iv;F||U+o{8kg`PPS{P;ycs4pDh$uF}k z_8$eUZc`YrT#NE9rT#N+Ah#E?%>0 zdbVUO(;0+w9R?M=-VNLvs&k94beOYf&-oa#byE7e`zY_o+&|;FHSZ=pDQft-V=3JRzB2hkZj}@#krFyx;?R^ha z;0L(fBGpAwdu-ePh`nCX_NlN(iOhm=wTC=rMGw%HQAOq7IryD)&rrEd9W?RLD@vWA zey1mKJfgMrS(A&mItmTz0^6JK@s@E2J@WIkT_9$mJoIArtMabKq@~%l7(wRMtx>K$ zT1sLP$C2_7fu&H`1v6UO`3f5dHSGD=&)*KMQ;2{L$!GGKqq3GdqxgLo7VgFaIF$az_Cv?A17Y`s!|97D-aXOo*|82?1h8iEhLqrhwpgYQ zxS*H!d@HzdOIp4>mD*9`c-^RIzf1h=KAC0VvWwhobv>otQtkAC7jN2to?t4JcH$lI zG0SaIaBh}*)(Hrgc*qBu+eL22^Dmoj`e^rE>Ld8GyZpc7ZzcQWemXSf)yOSBgU)do zA%1SQ0WImBp6E8f+6`!L4E}?nt!44L=et?EV*jA1mjTQ`hy2uuPNC>;6sFpSnF*<` zU#)lwzkHK?jvta6Ha2nF*Xh!+b%on~K!ccI!Rc~g)bgyD%t#$rRe}Lp2-ZJYM0J1_ zHRrNmg;bDbF{z&J{lK57 zgM{OJK-%hNICr;SYi5(HA?0bNd7V>9QAJlb=_2DJ{^-;qBPIB~L(mf~k-z!Ln&ai} zF$7ifhT2Nojc+boy|@h)HwsZOjUHAPn$tAb=44Y(iM0{0n?tBdL|mK;8O443fy(UY ziHGFK>(V5Bvo83)ktbw##&@!&TH|9&y)`d$k>z_CZufw3Fkv?-ChKo$i(Bgv#rw_$ z^Dq!&Rm)}icJn*r-g9&g?6K{qnvKv(6PRe@)b_>itTNI@O7(hLN3ko5FyOG&KXPvC zWgyejw5MstDma=LX-97}-jeV0{Et|ogcs#8(#f^VYLm0+eDg&;uqv#iiOz^EC!&rH zQQ=AwG^d6Z$l-^i1>|p&5RYJTAWqPD;gc?5+z{RHQ8T3(S5VW+8G(Pn#*@0No^>~l zgtlL6qGblBf%6j%4$#fY#=)i#(F3cX^9Pmefn84ppZsG8r|F3)J8D2H98XeEi0J&39d0u!}0we68rC3uwU=H-9tXwQv;J+cQvesBYrXV(h|L%dh8-}!x zYhYsMjTt%KW;e%I4)0yF=$kv@xD|GxJz*)NU;=(38-+GI;>&Yp9{h=azS3$M)5kyg zM(K3om9mLz`g-=&0=#b}qMF=Ya)~z`4I@X?Z!lE}?41A44GeNA*A? 
zb{xb?Q7Dwodj5DJsYL9?-#isX{6KO6Y(-lYpQ=H`Vb>MM9^~o)jRp9$+Sa09e(pfH zDOnXV&;lEZ5S4rw(F_+T@<9-n0mI6ES%ZtJUmdw+k0~)`*yM7@%*`4&?nNm1HXWUr zT)B;13`Ys|1Nv3ny50@w2R^nq1nZqFS(Z(CYWF^$?x}@vh9AupDr$JMCv4O=CJ3?} zx){_%QW-CZfHC+D3w`w!-#x7%`)_ro(eDi=sHECR^(1KQizkmFO`0sY+TiwaWEJ?o z5b_!8I3p6KEX2n3D&7@83f5GKuYR0ZoKCaUG&3PgP_BCTH+q78rwkTsLkV8TjsVAnMtuXkTeO@L?+KB zaRyE(LD-kScRHHwCUUMXZFYica*>im28gYQ4o)s+q76?#!)Z!T4#^{t3c)vQ{CQgS91cDGI&)J92bdr=vDfex12uD|Kmri9#y&GkIT>j z80$N|dkbATxU4ge3ZfM_Hl)AKswTk4pcU8Af2UX}Yq3fT1|4eP0(Bvx366cuMiiLj zw}ICJSA@Mt2N0|mI~u=0oOG~1Y1{RfmK`Xq5%=iN#%e$kGi%@-4atg7?abwqJOn1g z&&De@nu2#V>g|e zJv9En=wREUdDq^<&)eqXO4ZI|F81i9z+1@e>wT`e*sV^U>=m7&XG(DMnRO zF5UaZhxJPs@n+^c!^@UqTmJPG4Aq(Hn&(&9Y|eT#>)_Cv^$uH+W8xS~UgzB*4xW{S z|B{QoY+YG9=-MBU45xtmU>OxLEDAqKNu>msh(`_s)*gNkxmHf!UrO#_ta{yQJbX-*H>gp8kO zdCnTaT>ixn7#)nKZ*X`NVEuyD@K|ctyKpo(Z;eqRR>{?!;aYc%??HZEEpAh#cx+9G zrp-W2+)qsWEn5{oH~o(-U@|Q6MjDbQ!US0~-IA-UXk}NLkk{w9t;${CH-E~i95h>f6c~sRQbOw=cPw}nH@Writ$F8A5&9!V9k=BeP9-myZbOK=7GoM| zo4cZr<~TZTr3e2rqa7t2dLbFlHFsDVn7SZ=-}xFbK9i(KfvJ1n1Z9wB_*Nxm(Zvi` z$w@8vJ_i}I2gW%fWeNHi5gFK&WUDqFErEg(Da{lY5QOj-_=d948-%)uqG=$LYs~%v zqVlC$Siq?~$MSIC21;O6(zjWkT)uzBU9@2(?Ris??))wZiXrr4*LVzoO1q+|czVE| zfCJhnLB)-l%ItqT395uh+YOwJBfKM}CbCj;U*CNld{(_P{zWRv5N(uZnr!bNvw(V* zq!k@d3K9}=wq~cEgC>`bi-Pi>);dX>p8It#JGK23f)^=r=7m z9-V{1Q+Hjmfhy9;Jip}whE{s$YRsJ74}s-{|9%BB&2Db$l^sC8Dd_0*chfT+Jh~{Z!g`2nYBzWpCIdZG4JZd&+}-ndY#^2Z0c{^qVz#H)(MGqP1O!4jrPa3 z_6+O8@by!-AGQ*7OuS&SE9P6*5^^2D+t?^yuE!zRio%F=vjty4r(GrkTz7wD8P|P_ z_%ACr=;p^$xqDTZo$B^nqIcBI>A=d~R9(825hW+A9v0}o37VK!h3-c_4DTG#dnxX|mW_qBGtzaMYEA%t#szAo3u0~e+m6A4VC;cCQ! 
zdR^f1@#nmDTO;rlHZ~Ok(Mb5aIlixQ`PhAVogbMm3bq^8SDQVi>$vPJg)iOGYR)b{ z3q+>1uIZn_E1t8u0xR14j|$-h419zqSm|vVs~b+&sHFz(SSeMJw~0#q8htjLF}kh% z-400Qh?%bnt|hZ;Netf09ZP#%>r&7e4#Civ;p&p=mMX@}S9!wVBxT zof(Hs8j1pcXskNv%u;$wz;Ci@7k`_#icU;##51$A$P1@HC}E>f#0PaK)dsfL`Eb2^ zpDu1DQx``Yv98Llyh&Kjd&46qb6Jduh_`Yp3M;`12!fr9Zm>Eds2Or!w<~PkYK^Jx zDYrxFRhl4T>3L}SLMMQ(`9LSIJY`9O?ChKeKFu$&b`oZ z2G3iW8T82y`i`oERr>=sFrmnf5b?1wd%0a`LbX?IwWGTo8*k@YQvl(D2OCNU=W=PX zuh5Ke00x{-fw1_X@;s#+6*WhL_ni3F)bn9AW1=8oeH-wafPG8Iw)f&g9&T~ z0zFs>?Bs+xj2Z0ktw#TRDza=N!atpsNkMD zc8F;9slXwn!O$FaEa_iA3iFm#1&T2rst$aL!hMWc6gi9dg#1&`J2iA`Raw+3kVP|2 zw7$9Gj+EKgZW;N@u?!?Jq#M6hNm$umM#A8D@(*TDfHO+lnVPsRE*O&k`9GK!xx%eJ zv-xDUASzEcP}Iv7qjm^Hv>A?zHA-qZ(-YLgWHf%Cg+J-pAy*P|(TyGSwHCokjG}6$ ziCy#?zdBjb4^`^*;UuKSmp}o@t3nWWz^$1kjbz^yAveT7uth;pK?OFJTOIQMRvCMVrdJVqKZVtUQ2%vx`&jaP0NS+mCN3f6zx~l>`mcvV^WQ=?A z1|Kw11t16Zwikfdf>8Dh2S_akZ5$Wqik1~UXiE5=tq7l}ITqFTkQQUyxu5D0^G)rm`pmhoJ}R*+{Ck zFQUAsAOEYpL6dUf#{sHMrjql5Vz!r-3DeCo@a^_Eu;Ulp2JH3$T?E;9|Pg%rSprnI6h zs6OO5dS3Kc-Ea#I)LCl#0n|eR6vdcrCH}z&1~ar4Q6_YKw3(1AG-+sIAJIhAArKt_ zH^0|c@l~Enta>I=9R0Q;Nbhs>#|EZ169$bVUa1qsjaQczzAJ@Es0u;Wvhz2o<|``xx{c$e zv|3#hE!$Nf^#f-IRTMEcv7YWZOrr5%tTryPkImc)`V_}plya;2$f?a-)c!^R7I}ul zn>Ne-L-UE1GVR-XK>~VmlPTaD+eJ!c02aWte*5oA?}XLTS~vWJVc%-j^m=#bf~rS= z>I$RM=rF6$@1N&o`b?51{GtT6ER zZNf{tS11oOuw_^u!#Azpo!BjJasJSVcMMw1NP0BcH0+YGHgTfJqjqyVIo$QGLDsyd znjovFwaH;q0zxMOkidY!D0bY-V?MEsiMlO3%zZH(%cyAOYQ@TUr%75H@(cqNYk$i^ zJAh?2d{8h&06B5b+}VrDGnW^pz_x=G-KZq)9Ww0FO|&-7{j;vDZBtn2g=eNL`o4kt z)L2~rVgu}k4}Y_?g$)QT?MG`77(9AYuwvcbj(~4dS_hWwFLTR9*LdKls_Xt2TFRy# zlhdDLD%X@-j)E7M{mkf5z&n{^UUZ6bY4j!Xo+dD-*95G4#T$GXk~ofGZCiFZO#2>5 z7X~g>t@W!6@+)yM$AJ7h5L!l>j^22^aqmku6Fl2iOt!$kqwIfVU>yGONbt|&#%eeD ze=@K*Li6IW5T}7N1JqP1?I>cn@czTx5T=#|G((jIh~@+G%XJZXq%-Vqcd59+P-Ix$ zO(8hDk1*RiXaMN_UD(KG|YEHFzxwg1_`?-mMifa331KWTO zPB8U&+M!+aG!3bQX)6Uh5z9qSB=2mvo)zir-GgLLkPp-EG;#NJW>Kv8Gk)&Ev=tQ5 z_>nE*Mt?Bj1&=hYvX*^zj-Tdf2&l^}QnV@!JtjM!Sf-9V7uZ=jsp&1SkhWLkR`Bm< 
z{62hQ^M8SGn-UJ=o8ri{e$LPk(V_5YA@OiR6lo{1mw%nSqAykpn2sQIwO-b0J3Cu* ztj=uYn!&3?$v~m0NXQ!&_&Kn}CiRNr6CSIohYieKs1ud4n#7+syN%B?eo5G#&5R`a zTr1{$Z5=8sd7T|o_+!UbUfq8KIyiP{wCJLj%6CI%in0#DBW_>VR2HA&2J;~Sd&W7L zTU0eGKRIp#J_-_dMF&h1-X*l{LVkk4jN*jzA(7CksU_|B)D_=ii=QJ}4fGfnFMSsf zSL*whLPG%aLYw>RR=zij<;M1WuW*#k^TJc>VfC@)q#nnU+4G`cbh=hFR`+3*6;K-O zLI1A=aLiW^uj}LE72hTJ)uRqMU0H^|#%$5_H=BI|l!s&ALCMMIhM)~uCMsYdb1sz$rK4Cm_zfs0)cI%rS?# z2vvG#+TUJCs2V*iPD->Ou9SKkO-Fe#5@hd8~hZheuAc0=<+i~4>8 zqTe(pek|kNAAH9r;V7HjoR6c%t}+tiz#{LCZ+BZXwSOf-SR)M|(*Fvn-N}y^(s|=* zBYwnd@v`I73$&oqE%p4fT|1WnaVw}@ogl#K@z+)b()m>9r)T~4lYJ`wfGSr8$`cAN z!WF)c{mRL{ePoQ`BSa86ZYBtGj`}tGuUjAh#FH=h3u4;AW1KRvW!A={VEC7pjFiuw zPr8nX?Q9mWPzRU9&m{I>kQemYhaB%q%J}-kc#y)EAmD}9+Hvob3|;K!<{Ugx@UsLV zPub4?6*2??k;P36GB^R1Cg1_A@VKl~bVl(37qHTg%qiSP=M~?h^^7Sv{?iI5k_Hr= zaK3fk;YLg5;mnjGq;j}@OFFqFGCcQ(Aom`QS17?ft%*)A}9_qIeQ&v$CQYSpGz~Wf7&{bww zhUIae>Kl<79SD$bus2x22E>YP(W)UtEr9?cL^XIB4C6hU!bP#`B_Onhh#oDGB3TUM zW70*3h@v%$02@`JH1q%Mw(;uFC<3IACRPcdNh^F>N+}GV1=PQ&RN=3#_=-Am1F}n5 ze_sJAguVgfp!WXT>A7nkiQn0W&g&XP>v_=y=%b>s+2VkrlX_-A0igFb{?~h#02_w? 
zPUfZ`g=h|iu>loQL7y zICBQMKd`NYAmJk1*|E8H?*sWG0!34 zTL3Agd7?A%Hgir*3kAnz0PhHBWtV7tUhz36)ECbO+~!_PUh%>I+L{6oWNHbhv5L6u zUyT~#b zFmum0$sS82_83qib#eJ*DYVSe%X$w_Yor$yL#dF7Bb{JUDnOgQ4NRi5!#b^T>t71V z*}MqyRJ$vV6-M3km+o2~zBs@n`AIp3LZO&ug;34BsT%ZbmY}B2NARR}_leO(#l$42 zKFwm5%kJSQC^bG$eVzi^$~@Ih$nnTee(xdtbXMDA>9ZfiKi+LF)!X7-+Dr5-sLjae`Kf&F zhYcz9P$m!GHtJnk?w_|>lC+QOvUuL}YKUjB~Ow5*VEl zti3ob-%b)hD(Tt-uyL~WkSC`j`fj{uA#k=p7J-M~K^xw8i}5zAIZo#nbJ6;`e|<~z z&E!rFj8l64ifbtanw1`eSHKrG@(t_AXI7oJ90q~?E!>(n(LG|Law3NT@@$ME1M8oC zDHl9Lbj))hf<3;S^6jcB^7Rg+vvustct}on?NYvhfU}%6ErF;T0zU(PY{vhK6Q<1k zznpMX_y5NUW2SP0J}>@p!hYuV|K)^4;0=|3jrC04#@U72@^<1AlvCtq;ieX#D$L&= zeP|h|7qdNUMZaKEH)VynHsH|ll@x(_ejB^*b1k0@QWWSgry$`XyKs->W1q?3og(nU z`V-Y{^8vHktFPRtzrH*i(P_Lv-&Rm)P;vn7$CPPqWUd+{@5SqMbWZpoX{h+LndqkJFJi#} z8BoyBEm&TYiwVZHTUGCMKgh-ss%|Li7Fr#f>FYG4qWAuRLV>Q(%U}05KN1(0hL`Ds zq{X9B5}ocTz2ec$^G_>U0(s|yBz z9dVTfLs?C3DWONGplUz`QTXcf>5<&&&ytcx-L8pp*axr8ro(Z=Ygefwjnh9^xXn`Z zCdyL9R@5`w_Dfa%PlItk^xlH_J^R7iw2s*r_B@zMZ-4f7-0pnx+&mhs?&ak)jc)EJ zqZ^BpORF$0Vt{a%f)Vum0JmJf6a1G0v~vi?!Avm(wOxoy8csw6@cVt~b57#jx~(sA z(*mzP1b>?^dEd}e8#MUjg5}{xW>j~)K~=q%rPMMK{EJYyH}w<2#Gzk0X|^2 z_rjI0YkyD;v{)~`=2L?p_g2V8?7|@{&utg;Dg5bL&Z`4(|!x^c}|q3odgRyWm?NMj9;PMvf&#h<;>k@Zue)qgTD{J1d7aV zY?Q;1!ehq(3&9QiWSUI3Zc{_A@O3BXFpt_s%5Z3a(Ir|+!m)!b^RGP>lGOBgRZE^* zwo`il|7d&1;L4(g;WF&loup%%9otFAwr$(CZQHhO+vtwjv6H#!=bQI?s%C2D$JG3| zxs`oTshm2ea(C8ViVpDBW91QLu9rDP&hp5gTi+@iM$Fy*bwK|FXCou{Fd$nwli-gBTgf4$uRX0ihU%)2IP4FknzuS}EN>wO@u^#Ue{fn+*BStxJJT^;{G znRMF3@X|yNC9o`ETT0!Ibcjw@#=0!}9&3Ek@l(hHuV`CeuQF@F#N&wi-d_lIMVIRY zvELjoYs^}&vMdn7fG}mGBg&rc2be6towBg>s&?xjQFF>sv+X?$cX+b=L&FGiX^n$x zTiXQVFq8JitZ%*yyX@-i=67qnC^yh6%uCGDX?mjlZAoB29*Vikk~6E)QEZ|h?tmiy zfpQ|<95Yf&;Jz{yzYh_KLNBW1BE;zAq1N3kp&;FBG9Q(3&1?k!DV*7I2XO9oAXg4& zddeS47B>midv>-VKW;MB;-A6qE3Fph(mGyu+)vk@W)GSBbrPIVx~v4Xn*p&+)gOdc z`On|R8UQ3@nH3wz51 z&?I#eM~NUTGcEd-lo%+JX*LQ2j$A;ZpUjN=AitZZSUMoPE-wp8k8~GzGT&_IPs>+O z>H})OOQaxd%{{*iV%?&hhrGx1Q5@W)IOs2g1EZ?QSPQDLC~=Nef1TeLe7#Vc9vi`2 
zwzim=0=;&n6BS|PB;~-2!`!Oo^JAwnZv5>bQ?wWQ$-pR>ZlDF2Efo!MGGx-qH3fe3 zU@Zo9+BgcE|DG!6qO5(*PqL#(EqzyB>psa)Ak(Y`19D_=V$R0Ua7t5Cm<_e{J5w2h zCLsknTIF461C;7<`WbIR;DK3b$&$qoT?>R=3hwkzUwhvQ7yu%8;kr5dRU~yFVyf~? zZ#|4FPLLru$YDE5OhWuZ1nX9xQuRvdp;7>dAdqEqjrN}U8vqd$YXl&IV(I@UA~K{K z7`I$VKbuHf#lyCK(?(bw1j((0jdGM3B?T}U8+ILZ^@x)W1OD<@T`-Tqwf%)RdCasL zCsK2w-ahParkO-5L=rR=<&diyUDJ@=OQ{TsXxVq1YN6{TVI81yn%@+IoGP02P*C^H z?d$^d{H1-4DnB|oMx1bk3u$-&47c@WcG~#X_AW zxOO_Q$CLlK(yXut>}As75RduOc7<*nkIl_~d^Kdnw=0!AlfJX6k0h%_!g9ZH;BFVl zGe0R|C07Ih^3^Hd56jJD=|c66R%NO!=Hx#eB~HI6IQsLE(8e^o+qg}9TO4qf zKbb`Y5I)D0-4@T`m|PeSfFkLYv6h1cvIKznI{9M0yzjFnvs^EgV`V!4gdc46>MD07 z(625VL3XsLvvA{^zvW<4rJBBasExnl>wur6=xIWeipf%pU-y{?OYOY2|A+d*MJFnN z^PBY??h}ZCo@5uR(jKxuOYl84xPL@LVI*kC=5arM;OGr2c&KVPZL*s;NTbb~cuo=E zkEax5Pz3!WAZRjnQ3fPW!#K?oP|M4Mp^e3$F*!?SwE8aj9Zf~fR;&2DH7vWJAwXuf zN{*!FRK?_`i~p_-D8{6Jxv;aBUCQ6^itI>u#8LRDG`8orIudRn>@Fw2$^fm)4x)Qa zO%CS|AD2B>jBMl3?~X`NO_W=~+GU_RINv24s1!LHTwuo%JE2-l5yTmn8MpJjA8RrS z@=`l|GjlfWG;+fSPM3PqX~i>R-IBbtm4Cx^T!5=W=6!IM>?Cd-iloi5PA(p+!n7+J zU5``Fz)4c0SMse0Z9i#A;qD13vIR8S$|dm{S-I2e@bDWxST{3Y-W~MzPBhCEiT30P=gDYC9|?(K z>cIy!*eB{%L#827x8ZpP#lK+0`Q%|6RrVxCrIdFA_^**TQ`^~`-D`D-9S&=NZM;d` z8|Yrm$wRK*;^tR+Nr{;{GEZq`P`QqeInI#n=fN2a1@WHBa{i@fdtE5`{p49HM2JQ= zy&~2A=m0SI(Q<4q#{KaSl0FFsM?7z;mcdJMgX8NXrzh7WecE@BFa8U>rvkyaPkDFR z8X|$TI6VDnCm4CM>qrwhbH0o8y{syvN^L@pB_zFZ#V=QAFfAD|gadw?)t&iO_pHUd z!a@sK-ZWRXEDk7Oxbvlu9%yz0==P_aV+?LQ1yh{54~ zn0W874(C^r6qV7j7(v%<2WUJa9*Uz|z}3)})KaMyTN72Dng+mu-LUL8S-_S*~^|B_gzZ`M2Y=QT7E#C%OF46ORgKgopf!Os%bKCiM7n& zc{!8L-_JkaO}5QjGOAH;dJ8|ZB9v9)%zaol28_-T1Xl8hGb0#2Culv3Yz{VnSdri*x3 zn9k;CK%|!Bt4aEWfn65f$q&fkQgL^-PtQ3#B`J&CJyN%^zX_~(*$j0ouBuTYs%%td zVp(c6^R!_+V3czNagI!pjs-`x^)*5-Cxe)R`*lgFr+E(Jq;nJ4!?n-N?wJ*LD$2y$ z=5Lm|V}_8WU9<}`;;ZvB9&#PvuEme?P)OKLI+P1k;$Lf&fxS?(g0#u7xtBw_kYjtz z3l>-Z=DgFaO1kG+W5a{Ut^}`K3BY@0R4eZAaNaeWkb2eLQhtiKe+ZRX*03w(+zffR zoWiAd*R3Eb^X}Z~f+gTnH=?f4Zk53Tdbf|Y7Nl)PMIw=UgSzMEzDlpQ#uC|nxq@iY 
z(%Q-DJN2$o6dqF+q81y1tK#Z3v1+Cq5eMfgg{m20k43y)_Y@vGWFjgWc?qnX5^mTK zkwlc;u0~uijU0c*FEKa*Bfw`Ay%|rAj8N(Exb8qFdtaQJc0);MB4n$X_!lKz#ABm# z#{oo1%RUmjE@n5A=Q$QB7l+zp#la|4oZ%$B&#~((ZVdwpwZZgZ{i85{vbgRpTXRpI z0CXymTk-Q?9{%M?we^a_1akHI0m?VX4+g>s8J3KG9bM&p42AM&)JN<3l+Pkd4su~l zg~W(Zo&C?ok1)o^P43Fn5Y}H+Qbn<2YsiCn$;`ERIxFMC?CB?M*A_>H;^r#nEVWIutST z@&dgfok62ebL^YQ+~#dlS;y8=fGjEW;^@9jxxOww-r#%=?O3_1;Dk>0&Kpe5Xq z%#k`y>NrnZdB`^RdTpOVM$7&?n=s)Y#)XJCANg>oQB?yW?$snT=}W;^3XB#Ww>92X zvC8_ECS&=XzY%Xd=-(#AQlOc%rg#KZ8hGKJGUOojpp|hm=>c3=VBEV4GWf?Hq(@;i zg1j*N>93@{Tz-Tir`@=1UWA3)MG@d7TgXm${=^Vl9QSOF7*+8M$n@mt`z^t?S7U3@ zbc+iGq_Jkj+A@tEXL}s=m+BIjTpLcAyV)W@H-fF?*10hYaemD@v12foL$nA^8dGen zc+xqvy`GM>(uq>1W@;UORUoftxoAVGSMg${q706eqfgw6Zg&vF4luR8uf3+zJiMz# zyR}lNUV2oL_=}YHQ5hmQUf!FCGAv3Xj~$(DLiDAR5{*O}nA>_Aw${c_M}`BfOYhv$ zv&~{Z(1y;b1{y>?B)lSp#kI&$2o=Q4@8`Mxg?z3K%JFdbY7mxFO|Tn^Posq`6SeWJ z_r&cq(|4qnqj~%b9+XoSa%bJiyK`k`1aM?V86$e2eS~};pDf^aoZ%zu zC)z0EtI22e`J^r*sw>nr{m!E(4Ez{f1eC!n6k_7`{C3Ok4Ii2$8vM$gW-BT`e~|R; zavGAzb4q2{ITs3!06t0i+W^r32XT`fW?XIT9MezBC63{-&Ck8sO!JWQ|2bjXG?T+t? 
zf~)Vri6=*1=T$Tae050`lKo0BkhR5)#w#lTUDBj_wH}rqBMtHB>K&pFiqm3M3$(kE zyCB!lhEM;2OLE-jWh()EnTa@+02ok6yAwE^0i{{tCG$wOlW8N8oxaf;OGOjy0vJ-< z5O-WYAnvsl-lM7wG_>M&_oZXd=w%mp|XuDLwhR1)Kmo=k`m z;5nE~-7Ce>g2oeG%~YJ2Z&3rK*kmv^6&h}W{jimYO2+6Iels2()eW^j8C}B}pYXf# z(n1%6AonP!YxPBUm}S(ve05B}d@LsQpIVCCJKh~PD<4f-vGBo<9a7kJ=kQt%@v&t5 zp!ZON*w!f8qz6%VjW6srhzU;Mcn6}`+aoWlX48MkB3gO?#e7cm9$n0kxZ~5H#!dH>HFQ`DD4j zG))!+W1yw=-IVEDsF%^ew~^k$PQ5@MLlE!GJQsnwzpuUK>O>SZ-RC?f-sx1SsA4M2 zT7ugw)M*Z(*vj8wut(SZ+Hhyxom6>(4BDN9qAZ8Thx@TD|6cm-K(QZt>;WAGCjWE@ z_D^()WSc@yQ+j{}NvIp+V{?;3wo2)1yXFY2=TH?{JeHpAfdU({&#S|SNzX;4KnFtw z+C*m(-DNLaKMuFZ10+dH^9}V##)|hs)a@XY_(?syIi@<`>%80U`j{9 zA0cMmv7?v@gY^p*+E>jw3RgbX!Pjk<%j?Zfe49{=%=7}e7UpQxtp#I23vED^VbwpA+Y@+c6L>N0&q56!;;z*Y2s`j=L>&5?(uN*_EM<4M;lBvw$D<@+*Pwmbs{Wa(yZ}D17`d@Fm7LJ4#ZHMO z8x3~u%10MviWivHVB1-*d(Uxq3U zlD7X3hN^m&I;Eam+lc=gLscyZh3@~=P=#^OtzK#V|DdP}2mvjzhg`tKw9*zdkhC<- z_<(`RR^$yVcA+Y*eJ%hJUe3srg+TU zwayUw0!01D3eHZ>wOyy3UyW=#>%O3GV&>m#&%F7;i%C+@p{>fCKZ~U#rCI$3&;dQt zk??A}VhOXoO-(?LwE2D#s$Gkr8nCp@UW%QgogkxtmaXmb5W4b)b#at z0rTNBheF3LvW{;4{MJ>UqlC`Pc7RonaYT)O>U*w z)YC`kPmTZI6jjXDE^rd%iLh56bWvSeI|7H5oyBJ5UpZ18#=1>oyT9Ze7H7Q2X2WZS z9X()2q^dcP;Ml9jfE?-ASB~_Z!yI+CQdNJXy$n3BT8(I>kv->jv(9r>d#{jKTxyiEnE2P!B?&wUVJ4pj9j;C-2l0kGqSrUa_fX4e657Qn5O&$ z)EzyMSxz`2{e%tiEH;H{c+~W!#@B>Nx8(s(xh){{0=9f`zS#m$BXy9{XW!GkC1Y9d z#Q=M``-B}`E3c|@YtI@|dW7X~q4IZ#j+Sg4VASTd`(9fIhn$P^{8XYNjd|>I-#f>M z!p#WyG7GTWGyyC(zW_$6Pk^Lqj&Wft-(= zsf>}p3K;2WXF$_-OX9?PMdPu&(?A%qbIW<#=)%gyBrrhJ0WU}Hm+5(e&6^FXLEFRp zzThIDMp`cv9vww;CsZvxEp!{xmb>s0){cfH(H3-mQ&Q3PytvGtm9M7&Zay6QJ25e; zOc>Wdw?0q_)Sd8p%nuI%?&HwH)t? 
zVpR(~vGBp-jdc;jlGr7`y&HR)!TF5t6f})n2rHv~;ntPs_~{1}?@^nbb%@;Q3nTm+ z?ROc>LRxZg0>UNX!gdiDk#Yym23o@{#3Z2EOL&4a#Fq*AB`4N{(+bJid}*^ob0Y>L z=hQRUj^e+u4t-;?PN`Km5C#1HOd$d#w*{lG@}W4Z!u-= zaf$xJ3wy>KAXrLcHbJ~Rp>f72h>fEg3n?9q36bTRA|~gOig=IzBV?&KWuhxld*vwhb))8Fh+F7l( zAwuhzg=`+{8FH5u@9JtK3l3!_u3V2ZU@Z-Vi)CoTb&sHE=oo*z0guNdRmU2=s~Cd3 zV}AWDJksfRT7%6iZogyg_z+y`d~UubD6Y4D_*-tG)n6n~QOGfmDcE=WB>SO-x#YxG zTB5j=P{-ZKzWJq_GK$gSckHo6Z?wpsm#l3^yJ6gqIg1W|1G53*DS(Y?cHy7fDBq+H zpf&2}{}z)C{+%0Ut^tU~9WCD^Z>=BMaQN?*Ao1{~iTq?9iasti#-ZI0c8~;}VcY#b zqV8_6P;>~H=k+@I69n;^AV1c4pZj?04stQzvPoR+`5&nU{#^QIsdI7bsO8!fAdcbYu_7AjnTg$gbj`+5hUsT!F;`ke9t3;@(mpMV_zhv@KMg#K%g7WX3oOj6Vs zNL066P$!sFw@=Y;sbH1>wbW3h*+0kB!a898=zllkAHa>cX8rGGC3iOl7~}R2j??S_ z3{G10zwH2#RVf4_EchZ{SY8 zK>;|ZbUmeQaODKF zBfrdIwxmD4t|k5HH6VuC0{E!_=W_ADKB0>txF=aYe)cGzWBlvO^C`MU0EVe?(UrV$ zF9E+}F5)d19%;3ox3;cR(|NtMQZx0G0~3D?muG#_6bH1&T#V5@jgOpJC8jo?xXM7C z<+WjxfEQ>KVv!z?T=dX^SVO$x;Mm;{1JeK8sA=o4ybAvTSm9oxp+MM1&Ki3%J5 z0Ix~w9^}#*ecHw50SA=T94w74NIEQp=`(x0+S!+P@a}ogBihG_=%a*>)xq58gbZXWa;YW!t!1@@9bfZ<<(9 zBR$Ff;Us!30Gvc#(W52mY9S`?fmqPM-sJg(bF-2Bu!<3f&HMgLytC&a%`Egn&D>^y z((=y$&v=(UbZV3546IjaC*MSM*jxT5hmXU<_08MG^ID0X5jh_!NYKx}3!RR)S9dO7 z<d)D)3SCKxu5+rS^oiCMYCm~!T1g`|#w zF(mpOr@a064ODxc8wWqCR8RNBkU>y8RJ3OAjIGoL(|*C$4}!~MnYLR;enx{=FniEAE7^t_!n*Px&`9}Mm)Lq#BBP!ShXnrg&y$P8CPoW)o0`Gu}&=5 zh=&H|Z^Xp*pCTiLR070*QhaSumMm(=7HQMRTm zg_SEeSMkK^h^gFU((L=hJMmFCL*1tU$|6figGVc;1F3TPQ|`54NG+WmhgREq!&f%# zJ`ZCl3UR4MSlTNTU=O>gdUN5Y!BeW!^|YD;oIu`=1t6IAVlHA?_@fLPZgw0BGC3fS zl}islBtDu`tR-t?<*aL_RkV>rVx7A+1YtMJ~9xlXz8ZCbIEvpa#Sj??iXf8 zb`l!!xH#DX3M;BB3Kk)vsiDLqg{JQ{vE)=cvEKzN>s}`onS7KaxIH$v_L?ENOD6Ym zkA4n`$s^l|{_#DX8==&0sp5|3PYrm(g7@;$ zSY97@UbY~=3wq)%j;zq8*QKUDPyypB)P4(P zGK~=JWY5@{u@R6WF5;|C_b7BvK zhTNYp;%HT&^=P6#xXwfMptE`?8Kt9upMg!V!93OBQ(!NVg-)v*(6%3XgvPV!RLc!C zgagQkH$XWn|3-zeH?`nk%^tBMf@=Z=z86L?_91Ewebzp(^~$bNT;S<-WeCv5++rbY z!q%v{7?sw1;}RVAWMK-j3uDP{PLs`$%%wR*%3yt9vIq=MdmIO<(C%1vE=BziP+5ZB 
zL#+VJ?RHjCyFxfaZ09SM@)g+%W>?J4mf<+7n1r1mfWuD^ACBQiT9pOFLy_yCESUUP^GgdENL^M_`oqSbINt zcPtOFE8-z%l*Zs6Sm@DPQ7YR@^7m$-(5uq~YPuU7#Iyc7mc=h&zfzsr4**fM=RyWE z5Y7fGiIT|PYrCGK;x8$(U>4E?Uo7i)$V`jOHhJ?+2V&vk4KKQy{>dMS+pohJxX^gl zpf))H8kHX%<9Ukmj=Y&mTSWUE0e#6FEae8azB=R2Pd}6y&e2vIQODDAS3(PeL|RnMx8bObG_&TXeCi7JAU<-t9PaHN?~FKBMEk-mMm(1 z^GqoRYhhxdDC(w`u$zkO$UkJ{AyecF842r?T>S0297^TACM{a!-zh-nZaQ0qclk{f zu+YHs@)$K3P#?wms*iG`oNhw-8)3fBm}s?={=S=+ZVJHGO9_4@LDyU-@FNK9wP)qS z&3lRHeBZ|+o?*>%4w)XlILC`Wk|1Zf^MKi-C%9!78^p_8{Hl-k6TfZ0T_L<;TbmaO z;@FtXV*TSq@QOL$V06v+U15nS1yd8P>im@nIE1Hy=3yoerv7uoHs z@&Wa@2Jj+-?h5#wmkOZM8;F$N3IVDV_CFA*?km!vaC(EZ?YCp6fM}R^V}fV=ML)%+ z%nt|Ue(-&oM{ZVFq*sKM>P@Zpj~b&YMsM$a?=(FRh(r}QwgHu`p+*$rCD@p)!WOM) zz@y4!HtK#+`fQfRIR|RkoTrwuEvt?Zx5uAuQ~()NX4vg#vac{ktIj8e)`U)1#GsAa z9D`AQaR2B^t~uPCA=Yy{y^6zB9hta@-U1Io0hKr4zb>Y#?~01Xa#y+%wX_CHOTtEZ zl;3hpC2w3sIdZJ^a1Z`y{mJ_FVF8Gb0t4cs$eokH3l%C6;p|iddZ%nglx8MUD0U2j zpE4GBU4jROd4TxnltrJ11c)wLY61GO>e5<41*#YY8u3OZ`3U-4(#y-!V43f8hY#+4 z2|>b&ZmZehx)-j0()~2UBWA3shKR z5QKjv%a5u~?%+g$ljJz)exe&C`6{4i`lvi5>$Ew>>w89{lVK~&hyCI;p*Fm>gV52!7pW(-zy%iXWhEY4nume#Oplx*SbtJ zw_XM3;d-a#y`J^gB9$Ps%As z;Pq#34sX|$V&zuFQm#E5>nbV=SXTf{aH3G8!kmGOxu&CfH5qT+MrL9U*Js(~DY^&h z$?@%uS`kv$`0|t?AU!JV=c4#l)^7c| zzRkTc@E!Aq&2D`a|7JT7dXjpm0~@owXH}=W6+9MBL3hwNtLMz6$_sKPH83QQ=G|-U z*_nt;CMLWl2m}@7YGqSICug84-xyibCNq4!#h4YE@kwNjvI{d% zdiiVKrjya)VDKu|U{L4WCpal|%Rn_&QFqyGAgXjb83$LDOiLj2nH_j$ zyJ@m{x%$qJ;?sJWqD2lW%uSHC=*`dAu{1E-E^Jzh$oKc(k2i$BRr)H&10?w|&p0Oc zPQnd}A0o4n;>eF$CX}>m$bVJA7X)P6P>8QvW^iv$m?3vHlyPT_8&DE=D_3HSX?5_M zv+az$Y3Ng+qko<@Y+}yjx*EJk4Gl^TRciEP7-VeY?^$eQXs>X<7rL<1;_Or!XoHE~ zWljjoJ*C=fP$=3?m^RGdo5skzEc;HPG2V#{je9DO&9#!ZR$sYpf^9CePeZjcvkX^PjV}2s_i(w z?Z?3UsZi=?ku}L8I`rklV$EHr!s(Jo-jg!a_gGDp%f3cquD8I+MAbfL?3Q=V$RJYLAW?wZzpw7 zMph9NWGz+r@q04-zTxxqr4O*5F|+c>01wiE(2t zf@o0O(Xo)|r{9rOjlHq;jG%t^igxlCoCF*1gaYKpd5Fe(_|T4*6O7X@sau<^RZd(+ zYAETGQ3`K!4;PE*`p+pI1#H9t^Ns8it&SK(@15f@+skE}B~nKz4cV*J^Qr97Fm;9u 
zanKDyll^RGa@)|TbH|b>j@|Rk_-HYarZ^`*v+B>ult#LDg&aAs{_N9M#b*wKA=s=F zBB|2}J|%?<5eU5qZAAEyQ1YO`c-mxAKUHl)_xu@8AkJMT`jT0{QB9XthuO2|L%R3UcjS$*~USohB>V{j96?QKoZhL`pGfYrEib%~@DIg3)qB4r*{R-4t9yKz{W1 z8$*2lnRqT`h_{%zYLJQKV&4_zaa6TfGX{Ni2J9Ru4K)O&80`=2)ASO>$P7FA`|I6r zdzwXss_DxOU>o0E?NM}vId=5krf0wMqrH&rD{;Vvo`SaNbDJuNkM`;Xf&*r;p|!(l zQjD{ny;9`3(!ONMsTGkydBEvhr06?pSZ(UqAJVr$q%C%=;~IK7z(!$xVd4N!rST=G zI4dLe?>cWUi$ln_fyx|)kZzN)DZS*HOB*Ws?r#H%YZmLM)y+t_XTv4s(zLJl9OFv$(2U_ap3*S_d_+Vd^#~uElo0 z9eETYn*4t8I2Vb^xVR`BIV7VGYcc>}qNbJznPvaZ8LK~n9x1^JQD}?i-8Fbu_Kp0J zJ<3Vr<)BOJ#^BxOd15VR`ocnDD0qaPvNG-8qBnvGYCc}K(W1`=(wQ$OlI0RDg$Lsm zH)RV}Q09#1Y%MW*`O{0?1Gxi-dk@LQSxPV{JjyPAT}K$JM74tEmK1R=!~$j)|Mf?w zPcimCzg*B2J6%s(5ed~-E3~2sJavR@F8Ydq@*mc?^Z2&5LBok@c?s`$`l!`bPgnl7 z6`gf{AdCV7#B4g(8h#m;FTNj8NN@?B%QjM#4^38{LSmhUeEK_6{&54Vo^o=Qi=b8=Eg9-5H7SXg&~SOa%i#oo@WE+8HRgR_65|x04cxJ zkuQ;5LW71Q)nnTmlsO?o>k!jTwN5Tch4|keN^UVn>QhMMeg_)h6bXQ6m5WvM=J4h4 z&Z|Q1ca^9+OBV~$jCCJ|H7(w8%}&ahNF_#fn*+N{NW!@-)jFtjAdLl!4oV#&9lD%- z9ky0Lvme{!={2mqAJV1L%C-y`oSE*n;)Dwr;{>y3Col z>aOC90&1IeEud=pA25l{>bq67nA;Q^Do(V672Y`+Vhm#izz$85uGr@YdU|Sz|y!wZ` z3pan%%5sotYL?n2|7=UW%FybKDvLMRHIRreK?F7=f|yJ_WvOY^rFv+p3PJ&K z+fq%&%oYR}ZkCB{_akTf#RQRY`K^Y*F{{oZ%Gx9#TYMlhN3T zd}aNDefFDA&wI+wMdV^y;2x6YW^!ZgC1t>p`enIUcm3;@T27gRJdR;?xDPYgLh5MG zPtsO$J3Yz(AAeTN@lgA!*zfM33+vMwQ)$jR15gu6|s4_r#!5XaX5TTj3D8MMKo%m2JmL0)eZvi#ZFEDJT1GNBUabHcs@{A-U6HbE%kaP= zlwRe8JM$jtZKs;Q;f6KzS4i1(XYnpji2tXC$}pJHxHCuq1S$V?de~HM5BbQywA^hQ zra}Vwyrng>Qf#fv@P+P*Y%4}Dro6h-Pwh)X6~DtA@><$Vs8{AULcnpHD#k9fy&+Vj z#+FK&RWPu3)NdH6_8}!4R7C|$mOmVEobW-HHyZYV+q8Z4`F1j&`i*}csJno+j<<72 zjWrJTif>|Tt?uJxz7j@}{3a_E@?@f(5Cv=@EtmJG_dsL@26y#w)(SfR;{4>Y&7ZRQ zhOItLnkGPzA;#em_Xvxrp=-KV?2Ipx9e9!0L#21x{8$$A%?wjO;8ev_4h0>!3xzKY~4OzYjktRX47 z`7m>pWi%=1!$zI$O!n2h!Z1=+Dm5sJ*dO|(7p24RJGrqg-ZdJzc~LBCoIr!bT>H0oc<`+CX&qt{m*d@!h{a?=#?jQ9R^ z;oJ^0q5_EgTkX0^^#kYH9{Xg$6F}qi!s_xpsAF!U^93fQiEXn9;P}FP`l$Hx34=U= z_wo0fsPE)(Z49Ad_@d&U<0~#cpBS@U@QcEgFN3LEQSA9Q??+_j;&6~rV^$@nHz88LP8bP@Sd|*o*x{+*nJD%;1=C9*f^L}p3 
z3<@hBqf3R)*oD-m`?Dxn;d_CtVrxL?|t;47?ug2T;6gfp^-(8d$N#0KH4a;0Ze*E|g&{g5jc$^21F28(|GTmjPpfUl(A zbO7M1CLLlbZ|d8oMplfp_-sFHcX&m3rt(n!U>QpvODr>H=&RN-UzF&^a7qVK^WTdi zK;`sTv!q%#ST{DHa!Sn{tOiKtcZ zVgA++X6)$rhQ!SK=`tfbsV5jdyiFpGVS!3(q5bd4km^CpVBO=S55W$=*d8@*iNvz4~VDe^h08@F*#vg83U- z2m1u8v^ICTKC=3jjO2TkGjd73Y-Bd^ za|rwR57X*E+UzOu3*zu@636-!PhfLvK%PC}rzC7@917}4gt?V@RW(SrwfWMt?gpeI7(;)oPo%2aK6ioQ{>)yK%<)_rJ(?(-sJr4#TH!1{=( z*P=A1adSlbx{4OE_6O9G?F^~qy)%jjh0K0$A5QoMh-TIHlQO3?+Vey6=kzS2P;leN zJEnAnF8+C=oLPL!3N7m!v2^buL zZboY&J7D(4BP%##Vs^@p%=CV-_M<_lnjtw`>JN;<(#**}DO6Ab*-fB=^1WK7|~b*%YQ&MZ%%Q*^8iCt&)U*MvaKShLWPUx=an z!t$yTK$+vDYgTNDqq+)d*|L1CdR^Nhuw~ug{$u9>zs>!3MF9Rqn(aXEt*yg+TGqED z1dg@=?LqP$-(VJ~z(x*PYXgE%zHbCW{B&FQ4}tFQDKuAvGL{>~K*iIV3@Lw?2YX1 zSQIus*Ch8AivNZ@Z|8%hD$AJxl&9Ytfbu*+Tt!B{){)fV^0^e;lXg9@`JD3@3ejCr zx-A+lGYG==RJ`bq z5M^nr)zK|KXb+k&JUaxke1pxw=Ge3W4Iak%nbGkYAR1CGv%hQG5_XRIWQICz6G$(HC ztEN=yVrW=yS}EGaI4b=p!4v6hU-s`IE=ACI#q}ce0%S<@+j={M9sCyZ+j6S_wC7io z)X!XIM-$PDP;N9#AX+6tK>E9VKH#^T*^L&IIYPd_Ss^p%V(yLgbF0bTUG<8a$7%DI zyQ5C6qocS~-+Xo?X07_8r(%CG2I#0#ZPvteBSh$*B!(H8*)RQ=y}u!8rV~i?SaJB{ zcWUlKGVY&;KUK&MPX{%#JjR#Q^sC90#GtmyIN^!nJ#WJdFEv3X>0*=o^j8M!=6~Fd zdq~em96rKnONtjLvrqiTKUN+Zm&d;J!)~eu>s+yBwbz0Fgmr2L+BvpOyKC61J}dGM ziMgtHYmFhcY|NAw?>Ih6?s=w})!RsTBG%w?Vdauog!<3AprJhPDlU%?f&UJYI$Frk zQ#(!X?{q=@Fc|!Cwl25<)3p`H0A%#-V5Ft4Z97PLVXaz*rSz6Br_!9LF_nAiA{%ve zpmG@;dSwM(PhGHJ%EB}<49=>ir@EU?(?Y{G#&m^;b^Ukn!<_wy`u6O$;YsvG@BU^I z1^jdRA764Tw6@pHsGrMhj{&6Ln0xvzCIc_Gbn_tJa_msYEoKOamLeqdU_3%a zEW!`ef&5pHH0-~Eq~iZ8NNRfPWxzxP4$3duv<&U6nRM@m`7%zNUrEF?@wRmd2IVQ( z+t3d{QfOSI7TN3_&icE~iz#8_ehBeh0h?vlCWT2TUq{9}Gb_oU2IswWQPz{$5M+_s z-cKvV)gT@oLlbXf;|xTQseDvJbU2Q8j!?3_3T-dCyL);ly(&+5=mr!X&<-*hHSi3# z<&rI1{}inK#E&fbl8&9j?)=1gdVRkLU%_QD@>SNTf;l$B78^@{fu=ZbmN2kcQ6J4r zT49nBtA;i^{YQL~ei5G@0OC{aAMrW(TT)=Df@CaXi)j47{y|aJ@|D9J{C^Rj7=b~j)rN;3~-L^RwV8)T5RFc+pq9nrZXa8RH}GL z!a9e{J|5L^YKgGCGObpEvv~1c`PY+{o60fbl+?5DlSKVwNPnZsO>3Xeqx3z*-{uIQ zY;L?rf54q96{8MWXV+W|!q4K*mHC|U&8%8qPcPX}({!3abnGBxJ31Z>(VP 
z`_)eBDt?Q7Q{@lH|6xAizL-zI)Utegj{8~pIHz(T-$k=RO4IsRk5uk|BcDy-b&4Kl zHw333*DPv;!Xv}T?)u^OtRJZ`9921`7BqE<8l$wIPR!{tRyd0km@G=Uq_AVsVr!{X z2kpgh`~FEv*%JKW2ONUE9=PE$R4A1^9O484R{`gX?jD)=4%CXmoKd9%_Ew$AJ#z1^ zGJV;Us$%9n!=HRzegXT^iYqbw0M*#Lniqauh^T>ri#zTNgccsr-VqnV^aZ`Rmd~(X zj=*&x|Ea$`BB8vNP`O2;ZXw4A>zTkZTop3V`WAs9j)0FEGTShT9Q+a`N@J-)dfR%M zWE##P$3XQM*S@ALgCdUc*^7C8qk>M9(WXHsqZ1;tQztYx}P-i zQ&(AMPcZ}bQ@e<#qUm?SCLR`U#-aJ3u*iL5a({ABt{5mz;ZgE&!T!{4EE#W^_#t2C zW=Jt``y3gEPW{2v3&ai5xG4J#+0-^S-1;5iw}6L$t-#|kLkEJ(T7n;nJJ925!8f#a zsutD33%m7&kqeB2%k`NhW__8F`d|o08}3|-v%D>JKOv8rS-CyAzXqmP-N+G_%;)bv ziNAA;R=y4lw(S^2zIKrzZb{tC1_%Ql`Ye7aI;%$ACSb3n#CdY(*B|i#*<2ymao@kE z?RPPb36cPBses5DCcV~;%Z2ek)F6InAhQ$b$?m<;W)w~^~6O07af$q|*}AdfaXbk$?y0ZW7X{!MYR0D`l!Vkb9w^XG#NHD)#n?@Ab2$c`RNQeMn zCt07Cff4Rb93DzQRFWHE1~Uy{OOl&9VE+X`(G$=F-UOhX8-N=!-{jlB{%Bw);Lg3Y z0HE1R|F#2I)TMtADxj1KI1=+eCjgB6(n%|cbGc=jxDE6XsGLKwxI1qIR7eZ{gIIn= zMgj5BxVv_Bq4@x`xVucit6f8A9>(n_;fXLYw~7Bh_A}}$8CtfHP{W5bA>-IQ@_%r4 zmr+qRj=Q$$2I=nZknS$&?vQSflx`47>Fyf3yGua2JER*)={=y&vw#2C?}zupjN{C5 zMD8`nx;f`Mlzm9&_Hk^Y!Q)uw_AMHC>zjjEKSi`k>4&xkuMV+?75)49V#hd9vaA^5EM-K@l772%dtZ zhkj&y*0qzHrA+rTiF=_+qp}vwq9925cPZS*(h%*4SYk>F#FqF3c=?qee|ktH3V1@tNCRP zY&C;yy%wO|)n!3z6VFm|ZWFL97TLcUTp8?Du6s2BLDJ{lttw`8VmSXU?BAC9HFs|J zyeR1Dv0ia`OwpaZ55EnF#@0HyK?g(yu>ME&*=)~iYQ1}Q{#t#~{H;De{V&xgy&Qpu zqH2$(E5p`!9K{$Gc}C8BSuB~)9RJF}piK{z`l*;+TpwSY!{}s@`|^UZO?{KFOFf!TfaWT{gCRw7wQj)j31Y~G zgRd|$KkIJc+3*p^!xW$gOMb~y2Wi6Fd7jAJXwY-Pt=IOwpVQ>>+sG3F-l#apwQ6gr z&}KqX(BX`NIHH>>6gQ0NpP8;71fcs&` zSii7#XD-|Ehrzr_LHESTHQ@1;g&ex1hnEBs4Qa~GU zKdhN*8N2Z4$P>w2-gQwR0_)8qMMY!qm+>aupsxUK`NL#sx{Cuc?z9hy9~U#AG$+`1 zNcu3<*Wn{TtWegAUE``gpeIa#7zr$}xJ;Yg;6U#z{mf!xjKY#! 
zBfxxJ4r7}9cR9?(>+$LGp!4xOZR;hu+xK~VNP|i+4XBekIszZzJnQUe`+Nz`e|PuL zroCF6=}m8y6Q>*>RO=6v#fME33t=rt=FmtmXnynkAh5#w#Utm&v-qyt0*- z4>RXBK4oRAt&mIl11XXvz9Rp3`k@yYTx93xsPQmPkSzs*SLP{M~~0P(;5?{5UxjXzhx_D?o!46j=Ij1BogU#4 z9D?EtZUZ_a?1~;T0Ay6#VtE~v#IwT?fE0s?m>Og9Zo8_7lhR?aWQ2ou#)%ki0~O}s z6P9@Z30P%k-yR8M4ztp@psX)esL*f_C*cO2e(h-hw9CmJs+Z1PDr~@ z;2K%Ow-ZY|cvIH1cnpJf*Yd~|y2q4?5{w=?^&K7oZyn9^F(eq(ezi8~f-ZCUzZ@x3 zmP)1ZK7av*5cc^ja6|BLb&b+J^<8XRvucRtGjMoJ^mTYF=wi9)b`3&llKJweS8DI@ zYXLqAfm4>PmD^!e8{AEyP6@5}2L7a4&Xnk;qFf|bS>EumtP3;6T{?2?;Sk^5<;kyw zn5qfSMUO&wmoV_`4t=0COK(ZSEqY#}JeP2N>+cx4Rt+2+>jCqs6RzigPkyUMg@zN9 z75^C=t2y_;AS?yT_eh9@ppjJ%Vt+V``;C@A_wGE!;pn<|q4b??&P`J+UzBmvx4M@v zJM;uXhj7h{(4CXfiUM45O96<=C_e{y7%PRWk7=>RwnqTPtg5XrM=CPDAHr16__v_= z>`QOUTO&4^*Qj$F8A^3&}4M`vgWVMeAEA3;5D$HVuyhrbz3( zB`{=23v|O&KT@j4yY<89p?#8(vOBZ9;#7X0pf@Hq8f6~2afNjP4-k(@+IJtvb^a0B zs^mfVHLc#~XDS4m?gtV(P4(jMsXUIH>D_ zP3V2eefW&e1!C-NnqrY?k+a*)I~W8C)w28ce$bSdyL9rO(egf#q`QAO(!N)Y)Y788b^xDbAAI_H4=Ap8dF#ADjs1i! zq@BFJhi$t8_`~?cs67@+h^YMd_{NcvzH+2VmmxM#bIN%VmIxeDSSd64W_I|HTCM&6j9EZRl{$1Mxc4(BL(4I3O7z2DI2QX6A@ca32OFWQA1kAtk;Z5 z1TD^&C+?6QmBIJJ?{#8ecv6cclc3P*qER)s9%pSzlFr@R;YJx!Hl;qX`+iQ@R&F3k zgOaZcIye}+%8`V;|8G8;nYq-KtZmKm8?7+|BFG8;V(yu#qVA@cH#!q z3`?(o_2`eC;BlyIcmC;@r?Z#M)%>XrYAMk5;vn9rrWmi4dd35alpIbjt+{Bc-m)HD z<^laP))Dx*Ud{+Z1yw2=XdH z>;Y;L_A}ZeDd=t8wDt<=T3O@MX}(b62GQ4{*WrtTqdv<^PgN~H-`NqsncGU&gmxl< zYrf0DM3Uf#5PsrAU%BG)vs~YYjh3dsb6~N z>wJna{9C^}{EVpLv%&VD!@P!?E4kBe6ktEvafDu`H*2NX1og&|8U(&^qzoFOla@*f zK1Pk)G``$VukmQy5dKa zMt+%*+WwV*-zqMv&-Lx*4WZO*EkFHg%D;iMD)J_1esOC0&v+E_gsaT_7Tz0HKGBa7 zl=0qs@LDa8N{k>0g*Ht0e~(93nd?{ClN*5XsQT?|JlcYroiO{Pc-r#*u>UO{o!Nf@ zLxVi2lF6G%ZIgjRPB9Bt`@B?nT5m->Mej3Bgq6dyF;E9Yhu5Uc-bxb?h04>f`KmDymk@xgTvgB zBTJc$zL9;UuPcNm>! 
zGZN8Ol-cw6Jbv#Fm?Qm&_r7Ti#R<755>GKBA!?0c2>3;)zTIYodi--Z_G10JF+{s< zO>Qc8s0QM)hrWn0e(iWJl1ti$y0SiN*JV(Q-NqUNUhjfq4o;1V2AM*MIYm37?relW z{~vn+82hOsTGG0(7_WnL;D!`R3E3e%wR%S`uu7H_rFR^C*Fltt*Ao~i?Q@shK0Z^c z8vQ!=plhU^vc*hwPd}I3Y&u*629J*x=e|s1Wr#8^55&n{hF}JF^m1jQk!bwGkuvB= zROK62-455Q!(s1G8|&Q+feJfIJIno9#Ybnx3+JiJW#;pJaN`g*vvrO#|V3W9(|%|MRS)1#&gN@UGDg zgen>*5u(U>8(pxWy_H>Z@x?5Q2C3?!iw)4PYJG?1GrvEi_}Y$=ytbok%jvJ}Xew)( zBgQhl`F4t{`UW!e;(HCt`!kz?cJ8%jBtJEfjyP> zKOX4@WKaA|{liQ{a}3XV{ifx@BC%?0`pQoPwdQP`9+4O|5@$^~`7TC&DZ&YqzB^NL z@%aQHHKeE5nHae7~3!PRW&0I*I~X0aQPo|O#53vx<` zHJY!>q*y5Iic15bnYu&TbPM4iE?x(fm}sv+&>Wb5^GI<%F%Yr2>t8)mT|~5|x?0+3S7DD8 zOlZBgcvOaLII<+#C0V?BwSJ{iES!0+4t)2B!ES*_A0&yQh&B#v!gZ#<G}5jX%;2i*pLR4${BvdIF`Gl#Vdt6cW|Kgf z)>elN&fgWfQL8Ht(j|J_Ckmk}rgp3Iw;a_}Xg!tP0ty*b=>Zwg zT&3nQFRyRaWb(azbQ@P_=`d&|mb>r!y0H?bq(q=>r``~EdxM)MC#k~!q%*hyQ~6bVg8X=>3<2T*HO z3)2BeA2lbpDVJr1;#9B4Tl)VkM@x$TTRB?rR*ohl?uh^2a&#P6j>1{LpD@C8pC6x$ zRipSEQPTF^seBiP?yVd}`xAL;n*$?Hkd^-yc{*DCkI2*8{{MgE$tY{r!ZR3|5~JK! z$gi{u%0gB`M`t&U8nDNy0}DZ0)u9_VHSqF7dV+hOq1{DlPo6YSAAB{=k<$EvQ;mgL zOmJ*VA<0Cot#F5_i1THn$RinWc%o|X-$Bw6J)EqR+ntvL77mt$GWKx0C9O6Jac=v{svat`=Bq993=}GQpkDySs>tVDIZXY^kKw zoS_!xxbWN6-QXiZOHhL9F;I?;-wya$rnYdeYHO~3QHUeP?eZa@8)o=}Dn>YJS<-b= zeQ%EK7n#xOu(2<0R;+a<;;j=+P7G5H@p0-p4UPik4j(8tI6K*Q@ypT33k?Y3khlVxRN`C0RK7G z6bqP}(QLoK>RT0i4~K~>@5dYmAT_#7r+YU-#8>HxE7cE5EIZA=sF>MOp-|e~(w6VD--`RD@Aah8WW> zFiniJDhv+TJfNDq(v>$y+oQkXDy44VE(zOrY8bUrKt2w>lTVEJWF)gzY_zQd!i=1r zCepn?cUgWw5KVTN)Vi{MnDN;SGEP*N_X zX%!RpCF<4;cmm!8Hk}2OSR0;dnwtmThlajT?yUvIf~Lw1IowxiV-)6^SkIe#c*+vg z!!4y>i19ls);W1+|7lK+yq9;vG0U~AvqSu7iTJA*6(!eGP1ztsw=?DbIJZOdcuO=0alarpSwO8fUas8O3r*7IoIeLMMMUil9L?s-rLh{EQD zApSM7`f(5%>BPGFDoQ^cx1^9W;wD6zp@jH%gNTa*_@)aYju_=tL;RvNl&M*iCq_UR zrDptaJ9~o3b(K1mOha__dD?J94lUkU)nwTYphJsqiOEx%(+$PB|?~N z(7v2%%pR>$hBEPR06o&wO|O^PUoVh_ze9mogp@;zyX!@7*{7~qi}S_`k{PmlgvUJX zcg1dY>aQMYE6^it%);%wQG`b9FUHdImle<+ltk=qEvhFWs6S%U!&rOJ3V($2Uem=; z%Mu3Um4x+t%t!iSSYEx8+R!khx%gBz99!ij_aULUaqwUrC?ZoxWRYf50A?(&2K0gi 
zXuuO8jz!f@ujY~Vr@)%pvW*IblTjP~28rPROOPm34Sd7nt4KP-0Tf9MqosdHuWa(Z zilhzDQ-l}}-vURJ&jOS-1Ul}V4`y}}cnc6M*oo!;7KvQ+F3L$^QGRZu;p94gx$tw- z4b})mWpl1;d4?;$^oR6-A}OqXtEnQMzK2#QTx`%%$Xkp!gxP48$77KRIcPTN4^X>5= z9;RTJg(~Rt@N+eAW6(>GuP7-I-YZHvneHagjK-_w06?m-@ZCzS{`u4*$WI}RIWEe=Ch}z3coCUk zv=mv)B$PDgqGrz2;GYxQ|U)Abe#x3UlKv|*Ap8NAY{bsFsh zzDSw118!YdO$(UIzF$Krf#PC*;is4x_Aej0g2ra4ufU>R%r+lABdcGKlpstHJ*0z} zo65zfE70k;EubyP59__I1cw!Ni6bDoj7tT1{SNpcTJGK{(9UbH3(XlRlCj=Bk?yio zbPP!eR=MKX5p>m37yq|x%hZ5U{Te}zWb27$Cg^JgXzu!N1*ovj=4fV~!yBuzRd)Kr z8uufH!nd78^0Ob|3wDum+$!4|qDiri?83=Ti4*<^Jtt;EWzwBiWRI92k=j6%R1Jud zCiV%lSXrpF|J|2eal!xSH~CqfMx$*H7s8V5Ih%9vG7C(Ttu6j1z^;G% z@?5IRjGLj8z&AHL%laFx-jfeFWE%{J5&6cG+Hi}Hv{@z zC%mDL%d)k>qoMcm5{c{1@u`sSvNqNGvsDmKXt^BE-<84m_Zbc)DnVqro7EaPy7Jul{tykfRYoJM3Lby_M9(2_eME_GFG0) z24y(1vptr>bB@4bmvpFY?lgnh^jultEHfG4ENy|85^<99c5xEmEhVX1;I;ROesG;q zU@#W^y6vz!*Hru+mg%o@+oWMqOWHfAvNx4f_e~`wepN}EXP63^G6io1wdAYj>|afGR1^UzK#}O(ne!M*c@7&HYy;o%*YiLjJ3gUfq;~T|&{d7WKTTq-^gq68=?5 zW6yWjUR6>vOYCr|cl4bh5Dsf;LK0SM}lsKz~$>Rem)Wr>Ie!HOfBREFI{R+D}GI z&*xUk0b$Z`5pDFTRN$w!9eC+@`$QkvD@h$$`x13DR1JmLtT@k`ot%9CrT@h{vCFeK zpun^69)o_BY+B)t4V7aQd!s4;T4@?3R$~?tSV9_c zFIE+1=EOcQc~`4h_5O1q1A(A={t9serD=JDPJU8Yxj#~Y>y9*%8q(Mv?Kk$y8k^kv zr9#VI3_~(U$`?YekBe<+85RLb)u1JjbH9;{ z`u4R__z|+VY<)sm19JHhb1d3e&~4A69#O*|UFB-Nd6QZz*w#lzow}sUVVu}IEsQsO zMRJB&apyYMaI>}%?|{`BM7A#Vv!4w<*+t!+5DRn>DNFRIYJtjp~I z<(bMo=~F204CA==eLL)i*)#WBp+a5s9S|l36Zb5~7<4=%wqf!Dcy;fFEa}hG2p&1k z35BWAA=LN!#!jK7ZyPB3TMiY76!PPpuGd*k9GK0J!xd-W8;j3#O&1(}vXjMj6j*k= zg;-_8(a22}HxYcDgOoNb46=HJF4dP#%|yeiW_Y{T&SLuBLLE0K7_YNr_Ko3B&M%;<8Z1TJyjc zx*+ZrFhpX>@8>^<)QT^M84KUf)W9`Ce^U<1BwyFx>qvmdUo%8&3BQoNqmTN;xF1$e zG>SX{SximyBMX*YvbR$fI_DR?>pQEL3P&Dl)QNfw_PKJCPu{_VElUNz+AVBt$A+y_ z3&}MS)UVBTfs>E|P{=PEr|$a`<~ZhYC;DjN;qd*FiRAW30n|zGD=HSX4>ACZ>{_ER zg0y(0u zy%AAE?7ReDCjQYp9Xu5^GhkBAqOR0lguVL7;%Ul6>EJMDK3~52!(?@}V^%WhWu)M4 zfcz1a4KXkFwxp08DZ{y`oOPxASq+UCJFIk}-0(mIfF=;;uGBPPPZ`;yc?<_GJ+cKY 
z{+k{Vuc?HeJtRT>+8>m(`oE&2RH$=_OHAg#D6rea0*NtksgDglBwKmkY|j5twO`M<4WL! zA0vPSSkVj6qNE7KwnS9ANPpxc49YX6Ni)GC;GW#rMa&s+LN<-oLnC`(+E3lCe{>pA zkdIiZX6Sd1s){b#^Mni@w$M>d+M{NuSv(`C-i+>@O4$=SR7|V0F~771jGW;^q`6B_ zTAzaBdfiH=x@BhHZ8UY1GwN>?`S(2dd1C27m12ZeG4msXtdcqIJ$oSUH>@_2Mcx)K zyFA>&h`F6H&ObOc3VbAPfp)4C0GmJTZBZkeOLKd;HflfFWaJMjb!MYD{_a7z!hgR} zG5LKHlR*6N9h3qW2ecVq`I>#tPjK>fzD%)x=n-f4LHeZDaR>M8zCKUc4_+HyiH5>9 zGX=a7OW<^z-~MjwtF7r=p$sC@(6-p&%OzLR_y$~ zN`WLGHnl-Ofgqq-1N;R}VqD4X4IcfPnb!dXN!x))WslCQQTojucz+`Bu1TjWw;gWW zI3dnVc_PM7r_XV_r<5O0{o{5BOIa*c9alc{_{d6sil!ntRU+>tAVoQKkapGrSUpONya6Y22xHzanXikmQp=!FN(69{W^LeU& zWJXjlc$Ud#R|P*%BW=|wBgFnoeHsEKQj0f<6bWdP9?p_tTK16=u!g@uq-20B+izr9j0a|{Ns|kz0#qRhR`}hH1bXK&upmK#Xl6$Bh)XY%iV+*G4SR8_c4rI%*@X*c1a^3o_!V2~G=$hE@m7 zx`w+zWFenL0^lk&hL30%4a9?2PYphgPhNjHvw zx1Wu!@DUsLxq*is$dH!4K4a9z>oWp%(>b7;%0VP(NFZGK{R&ZTSYLgbtK;lyRjKoE zqEi6*Pfxhw>2bZ`@X>24A!V{Cfc(CghF8iqR`_$IWk@CK;I^T)av~c=1Hwud%uU)( zsL|p{YGJ+@;7Pxa&OMWh$6yoE-}+}6a6}S(>1{;PT z#bq`cwhvj?d!7NT*Psy70#|l|uNQvwNH!CH2rZGeqV%W;M``Q$=SpaQ+n=BiLhJtq zg;R-}r}yZ(diz78Yo+ECdiPvn-H1)V70D6#DB-siNz~xxn+cv?J$4IU%K5|Lz23DC zEiVxo;u4hm!zsJR)07H~Qqo!;rmL|Vu7%uK5Jk_o;@%bx%|aT}H0#?#brasx&5nG- z?NdbCte=jibl*2;T|9CWzNovOcMJra({Y7pOaokxi3)hM&~I)`@0lslMDJiEf$ zUbCj7l&E|@dc011m$YX;zV3D9EvShALE%$OAgw2OhTL@Hl4O5bZ>!vr6l=sKCCM$bC4+uqa8(j-_`S6Wu zWE?RK(O-03fWdQF4S_+og$h4|97b ze{E*UKRFkvI6r3*EjHM{%yW%`q@5~= zHlruwB0qGE5M`f9;h7@xzy=W~ZuiEv+5lACRbKo$=+&#bqWGz%RHf`tM+#P?xsk$W z8n+v5*qWJ5_aK9j{PjWs>qo*J;WIWGHWEqbQ zQfr>@Mb=dHYB14FH&`HoPqceMN4H_UNd<5Z=@)6;egu_`rO?_`GAy#+u`@8Njz{ga zl@9jv`;55UySoWW37`uvH-Jcr!XBmC+f}*I*4Bh?uQ;S$pyU5cB$YMfRwo#V%}w1OGo!09 z+8KD3`bwcCePTZhN%t#2_E_#8G2cD!DF?1eW zZItX^uZO8sZQa+T`1--3>4$@ox(=ZrRzzTPFR4*VIDM0h`>%E`IIr?9k(l?sVb7Pp z1${0rueM9Kw$8E?UUov)@n60pJYV|CcktXT0#n1dIN&3l?l0Fn{b@w|L*wgvvxgE- zSC_wTw@2S)W~8TkU7K!*;UT2$8VwHvmZp-V;?nTU{TB0p}hn!8* zc&NH9@3mWU3rgEpQwolzxqe2ORh+thfhTp?kC{ydYdnuqIZqGtO$U41lspgy?!*vC zh$<-=`ab_2b5hp-J{le9+Ol`F0X=^Pk-R`yV%Wu3j!sC3p`seVHQbPclV(bQ+=b%0 
zMTJx72Cwl1Cow_1#)0eu|9u|z1T3u>xGA|fpKczw(N(%o<7)8P6&<2%!@kR_{dH54 z==ytxDKd?mRtIDkGMil5st9mXQs@|#2aCG9`TeHF2rOWCo}|pDM@UiDCy+;=a z5TkP#x{6&JOEy?XAv}fY&W?_ngifdQN!%m0$t9lo5uWLm=T%{4U~=04OM~06R9L) zcN;k@Sea)4?yUJdrKp9kaKg$l$Qe2w0mT+g{nt5#P867mQD5ZIhB)dQ7c|tNMaLM_ zf@2(__Dd8OR~)#CBuFMe16@0K1`@sGVWh9)eS%kd9zF_w{4PojGhB0oW#0AG;dNZn zFt}(*7`j+7Mt`DTepv6Ukx!OqjW==QSVyxfnj>~u1S}?9Eu138pjr7tmLWA6n5|~8 z>Tp>ot)&`3^(^6AWw11IjedZr>0~5x=jTuD)e?uHY%=SSBufvp*Jkj>C+Py;dCdV> zY^6&eQ? zXhn-p=Qe-cwESS+bN;3PpD4d0<$ark)t?|X47!jt>0A6dF&QdIfsc@(*jn1q3g8LN z$G^ZXgrjZD^$M#9YoZ`;REE9Bqe%g)FwE@`GUGVQ&BDa-m~4d9X7&urd{?m+W73WX za@ZcT=OlUIsM}9z4_hh#UBuXp{)ZY7@55GYwE0yK(lswp=91Q(9 zu}OJpr<5MsI{e|*IAC4C9+4F?8>Cw%EmyePp*raEVx>#}Ix~4t z+&%i-``av9b+>U(49vBQh>q0@uLH5GyUx#0;Kxdc+ku~M$6a;LV%aycVxJu+J~d9> z7|TXB88ls5HG@x-eJQSKpiZ)F_)j5{bAA14K`Q<-!f~{{6tP|(yFWy8rTIlx0G`pL zH8VpzwA)=D9X*lVjy4Iwsi771_P^Q?ecuYvJzybB!z;ABo9<(eX3Ow`qj~9TE}{=j z&hcHw4v&n+34x1q7z$&C?b`i)NKmmjo}LgR=9&IJA-}mWj4LJQrKo^D8q}#qQ9PJk zvaP?})?$xEy6MZTcmWs&)f7uTe>`Gvs|qy|m3 z&Wvewc^mT~4~iBQd!=K{077MB-K~anA9jKXsJV8=BzWe2AWjAp@6;V!2aHB05HSkkpWEUDffmb9?HWA=Qu)G$uK_Ag6% zT{_XaF{}PE%wdHxE3^%=&Kq>ym6J=`7HWSXRua!F`VMxP|HI1{b+*cUF5x{1a_mEr z?bPc|lN_X}Kj{~RJw@RCESI_EU_VhyxIv?rIASKk9tPQ+TWw`Cdlbj^LAf2#1Hfex>=27e3_$WRMg!mp++Y8B!;QuT$=kz{@hf6gi=jAZ&XF^vgb7;BTAE- zX-TBjHRz^KGtDlp?HuwRHq!-p>AsBU%nQ+9js9VQq%nw^}o9!gE z{RrNwA*%{vA3tG0&YKQLr2%VH-rvCfOX;G-$AxkoPb>@m{4=GE+%SClH2IfXA7_1M zSqe2kr45o&USqXLHtn@Qzr1W^Y2DNh0 zmZ?i*@X+_h7{QD2Sz_>~URERig_S%y!MTpBzAlQ{FPL!|jXS<>RaEUDrf zOA58#^2U-%`GEZT%aYo&DU46mk$Wj>!eewk&+vTBd4BD{qZ}jZu_-rp&Xy zLu&N;s9qjJ_6{07T}L#4awcz2@=L=0zSOg!eB^=7*wo4T*~KsBUXxf@6!)7r{bdxy*v#k zqz0eTsFp+ul3*yf1Y9I$i;+@$IB<~m(Q~9O!SrixwrPi!xe)$h_on_@U<>9p{HFyw za2RRpP=a0fZ7o@K98_%-vbGPed5BkaQD_nnRf$Z9lMbtcK@Y7FY$Ef@sI?&i5)oUB zADsj?Pv3Ly5!e9#sZkTT#wHhlwKRx58ad$!h|OP^)0@aLd|1ls9ULndygFeYV&inu zb7-;HL^WY*XlD{xg3w@^ugIzPkvm!ZaEwUM90d3 z;y!Y~DM7wtqx0->iMW=j>V6u@ibxmi{j0dZ&QM6 zs9U*7OLtW$Heop&#K8YLQYJIvb*-p}jf+Cv=9@i`I;V%fJV#M*hOY0ooRxo0!sV5L 
z{Arbzkk>tDdK8!TF)OD;rO9d4Ce~&l8Lv&fdrG-WTiDRvsa#fIYb=#NX9w3gFQ>OM zU)=Vs@JAF?O*+ha5Z?lFfKb<@6gv)Nx!5#5`XSZ66$JXM$ArnPYFvLvmix z7l+W1Nh*GmL%0sn@mXc9v$)8IPa8w2-5&hEa|Gi|TRhF6GaF{=Di0favdSAJz3SG! ziXJ$eEw^%-cMbZNN9EuD^0|E<1Y-HEy3Au!z!u~xyxRrOvAX;VwdK!F#k1MVii5+3 zkK5%hK8nk;*Q+>Xr}H1w{%#4DC4}CVjjHcx0{oz^dyYOK_4TzO87S3ok4ha>3zB#` zO&&L(ph3{tyM3`_li2Z!nXYyUK#sv7cQ*x&3I15;e_6eZd!GGoFlnivgTWOKo2;A4 z6OHF`PBTM+OR-*YxKmC%4DiRQgvpN!+$I`(z%HyAW&s-lkKM@T-0v?;n)4SXE&dOf zR2lZ6I(JB}A;r(G(y9s}EFSVlb3^in7Nu)lRU-x(STV3lhmOUk0345kOpG6(k=paa z@uaXBqF*=V#_T4`x5+N3s09av%$<9M^!X%Z)Dt!^$}hUHk=YG2@#xnXq*4Ztb}Ln3 ziW_tD89`V}8x=n&R;Buo@Noolng_R!K%V8rRC1&x0$7X zT@ymLXIaY_56&Z@V5U~S+k~D+*!QW>ZP{g z{P`SD@OA$W8Vx?cxJ|WD-8+YZ{GHvQ1ygqIY9nEaP9VVSGq9S*nL)@!(f zXVq*8N?#QWaPT|g#Ajz|^?qyZXGf3Aajz2Sv=RY@dM@S!Z%4Iv?VfcX1B*E9rT>dd zdj9H?CVznEyv=!vkI>0#J0?0NS6^6OVx_VFE$)*A55Ai(1DRT3mX%$)m<9DXN^SD$ zl6rk))U?EsxLI$eK7S{143Irqd>}yH&TPQo34kTmd#(*5|Yw34x;EQ9>0JuTjK_(IN5MRo#DsNjd%> zFsaF3nAGf~La38`BGS7Wp7XHeADDFHFHAZ^YByd`UH2ecyqvw@&ob?#J-x}=&oBB5d<%^v z_rZqd#R-P|5JbSS-6)iWijvX&Y#C8QzC72F@TRS7i;t+JkEji6n&@eL$QLlywr6@W z(gwJSRw?d_TD{CmWL=Tb$LgvtleOIBzQy99pr?v52oF2Qme8?eHJVk4-{SrEoKoGE z5FfMo&;vlpZ>rM6Q7_7M9`NR@oDySe*SPEHE4uUIn3kCw_tex=>28L44+C5JtpyX> zKuF5S53C)GeQM&kG{Pni=V>E7m>FsCh5Cf9;|u+&(-AGupv-d(v-7(D8JPNjs%joAmJeK-q6b%CC2xx#j@Qz_cppgj zvDU|yIm(;@L%UV_Mtw}00SJ@Izrv)S|KBj_M_Rl5t5oB09=4?~T-9whX*1f5malzD zU>G}8J4)}ofj#m}>)fOtg;3wy#MHSQCI|>!Xm8cS{p-ZkUzk*zJ52(q(FR~M1%Q)B z9lDTv(t9~X38HM}+oih3WCBXxuGneh0Z^t__H|h2pNpk8={3gCL-`1lf$!y6GzGPq zYOX(5axP#gm}$956;k6(oQWv@Jg~VUrv+TAH>a+oU*1m>8aw{oLdH!qcGv+$i45kU zuh~Bb&Dv0XZ2mQ!zA*Li3v5q%ZBW1lmBx6U%8W>u6~NmNNd#rB(b5aO?07T=KNxh4t6>FnojyUL!e*)+ffAWcbxk!3 zG+vwM2Cz)I%5d;=68VwLEh;?BE0Mk%J_6?ns#ufha~WGP#M%iaXldwS z89`bS$t?=W|IgW~E*}iT1UcFT*&8fV_LZ9OS>lZj3i33l_l?NC6xeHZZgoM}n^@CW z<5>@iO@UiC%f46oZ#3!GzceZ1D@}UP6TR}6CXM))CSCc5CY9OI{xe!dVAQTw(372n zm{soNrJkQ#44v;tnE#K-s+6q;5M1ii*?P=J3SsYsrQ3b91M5j$ zsD!i)a{cgZMTG;DURh#zTxhm@It9t5fJ_(XNeQ(kZl}kpo zPTQTUsjlG 
zWo(ZL7nyNaxp&@ySaDOu7=^;AvFI52>9j^B7V<71950WccxUN2&UF><siG2c32#j|`p z1m!}wAE#y;gjrkEvRVt~nLN9(*#*GwsSA-vo1ef&!&}n#h4viOUJmdSYrScn#N@1t zPUM}t2)Ut@akI$^xb;l^8B@uP^rhzGx7P7hY~x5#=tX$j(p*D`7NQ4y4+}iKGl;8= zwUBZY<7kfHoa$ZXIwJQd*6XwpAhRc|!u z2Xu$SKQt*^aD!^A?=&T4QCim~e6iE{pAx0c!EVNaJI~(wJIp2T+<(3@jU7^McE9<>l>ZCS4f*F19+sG>nwvK#W#;nH4P2o~cruV32XQ!tV{Mw?R zsyM8B3Z+unnEs4aT)tunWAYI$MrdWwf&mtihj$cX4N3T z39U>a2n@-_Ihs1@$6uQC{|;3FY0`g&s{W-(`vE9PmQ7U?hOaa!gaMEy)dJF_-&&Cz zfi&shD@|%t#T(Qi7!9OJYZi;T&HkS>so8(hqziv&(mcxQbcd=tG(6i41TgP=U#M-H z*||Ajf%3D&GbDQ%qnle&l5%Aer!tERj%xu5b|T8_ahiz=@v75f)f(8Wc1`JBEW$KeCiE=COP2wn&oo(oIs2trK zDN}t%AT#C^X6hF-hZ#(gURrQRiyDv)(Gk;V712UWit=qn5>ivAW8l@*x#RuKn#YjO zGedt)x6q%jC=G5r5cAfr5mF7}_udUOOU!(1=FtDKUhLCWWT=2qMqY2Q<(s|MCG1F5 za`a=9-nj9(Odw`KG`||a%OAZLSP}j0+$j@!&lS6%LU5}~A?NcHv5PPb3<`jebe3J4 zSvg}X&4uJBL>(67;V|B;!j)3REVOy7%KH5~Zme_!wa`VL zPt3UFQcg`Ws+73N#~An-)sn?x0{6rTA^Jz8&K02bZGAoSyw7*vx>ff_*ExN< zQ#nuPO<7sjWq{BJ6iE(n;&NFss#$V)sM@rDV`ad-1Q?xpRgW3F_5D0NR~eg|NOpU z8u{1)u;-+n$Nfa>pdy)lll13I+sr|}Dhaa`j~@Qxf&h_GtORtF%C>EaI+;>pYBb|}eL zjUp?=mDc;$Q^u?TWtJ)d+ z{spjCd3FH;rN37Ib}Ds1vJ`Mg?eGP4F*YKUxNF^*3J1_69ZCS?NoNvwYU-KduEydb z`$r~t;-@nH6B(@ry#E9+E&=UeJHUv%_}3r}{wJjp(u>W(d}=;UKe77vI^fT({u?6& z1O#IKTPd9>to^kx*6EpX;5oog_^%i0rUj5k&Ham%k^{_B03+28fC`wF=tK~(l>P zHPTF~=I)+`sQ}OZIj1ZEYO#o%PykZ`1Gr-Se^ax7-ZA0+@ZZDW=0X3iWg%W1tCySh zKZBM_>uCJvEryal;QV?^v3Nldj^E;vaAoow7q={XbbI$_tI76PipEyO^fIbH9&WL> zoj)d`zsd(d>LD6Tn;!&ac8<7R_kMlwZzdp(i?#>KgwsVm)VuFE%}sU*l!Szqsu~$CRO9I!~pU5|32v5Q|>q zQa7*-?X77%5k^TVMNhL8sSUz%8oa+8!MsKiFBQgxHTzaJM+Rn-I-7bl z{x|Z+_m9Np=`zwpZZdft;|cp@{6p)%WzxO>T_*kE`>#w&zhUyhUVT6f08O7#8* zl>9K-;#vqiQ}3-=eWT7z4_nPCzGtHuVBCsaEyEVIk_0Ij-;F383#fOt}g~f84!_<2C(R`Fu4{5rARniwW=O?C3 z%74?ODL4O3lUn~xlfEOR)RI^xdsOEzjZqWNrXmyXQrAE>Aj>-#qOER{_KbsnzR#DU z}Fjk9j667E>leOD`9J!PJ+OK>_Ulsg`0K zB*t5GP)U9&DMa+KMA-F@=UJYf=z5h72nLnnc)2KEO4}*F3hlJ^n*4%H*s$>y#O7yw zZ2TEMVY?d^Yrqmbao0f_vh_Wr(>CZ0U$W@7_Wocuyht4Sg~c2a1$b3#s^(o!NDH~1 
zmKKC@Qw3)waVLW$kJLO^`MVE6!Zd9kEOX5fsHb=npMv7-*L%+pAb3sd6%-?a`+It6 zWlEbTWtY(GmO@P;D?$2E6?e0ewwAV5b>+Vpc}WjDRglQ|K|iJ~_y_od96G#QoZ0Ia zG_ouen^4Ogs+KIJVGe+Q#3p4m_ypNm?M<#fgmMG+_&OXJVWkwB?A1B9;Awt3F0S3dt%Be&2xzc!P+iriR4nB7K&s!iko+veI7F zp#-$QJvaVvZc?lC4bR1&NH`Si^tp;27a;8FR{v%y#;Rh#+Lk(zYYmL0Af~P|3VcGf z)|2{D@8z0;vLxcptR0U^&HgB^L^CdRN~uhz5s7YM1ff{Fmb>^P#`3(UT4k$18+Dpd8ZBj2#m)}6{TooWJ+H#-**SJ6`D%55c#UEg2ibcT35u+b2(6&M$NX_$d+hx3@;zLD{OHTQzTf`|lUDxkFzJ)NzFyZ$V9xuyuU@s?qC7vozx>ww z&f56+xVpZVe0@KbC0$8XRz|HABO5@5VF5Zt>?+KYpM?K|# z5D5!>8J=&|AJ+}&MUN&maF~6tT#Itr0PSDWEg6Ii2Gn==SOc!EaqJ{{`-)BKBHp6@ z*iGs_N+#$eaU#aU5@u(-S=&!?yDZ*-JFw#SHyQJ&dO!J7yN6m21lZ53+d?HhG`!x2o%>8jdX9+c#x06eviv5{PLi!tac4@5x#Oh6sJyCWF}QRTD# zG9EexbZ7Agah1FB*nz9xUSQ@f>sbx#!%~2`MEXov2?O2S$O0R(RU%Z=FptsQNRC;I z0^6M&rooc+$~t`WK<-I}7Gal>YK`!Z)===PzDogGsZeMYX!d=T&@j1+x`o$U&Ihir zoFKa0_?<64$j`#93)_U!7lQFjY16dBnWG1eB;u9=A&SIK?<-kER5+MwzG#=48jXqX zbG!3vC66I+la&TkZN(wO*B_ioC8c+1t#u zyX}*U6x|iKCA>F*(wsZSO2MT|oub`p_yt%=<6B7{4Ri1-mRKndc4eR-jL}s>%PyEJ zrr{_Lq>7*~YYMukyY@07w1u3!*05rUdU!A?84H*pibwu*r-$jYoCJ+}U@!I>Ym;cha zy*wV?wYxiT3vo(0L*t#I8Ow^GUG18ZIUA#DewX!WykTSzl!y$))=5J6ESpsaOb|bf z4i|vBf?RIAvOA#hGpLGGv4amt=VCc*g;o7wXN^eKf(JD!_ESa92W^|}%wjiTu1mqX z79TVhEcz-UV|Cu6fX(w~6}wzwomvuEtTVGWG--sP61R7N*0cT_CT*DA{+6ewNs#av zY9rk0L{Po;uCZG+ez#Qn8kc-(0Fic(VrCg6UCc){9mugD2W6l=9ssj&U7exP7L`EZ zKxv_5+9q;KLa(uQ_VTpeli|c4A97IMD{f_gPyglrxaBHo_j?Tei%&lA*fpeM#x1$1 zdGL!@OJ7cVJ{pzS5=F@y$GeMN5XGnJw{SnAqsYNZ#DEWH+G~1aXS3Z`^v4fPKr@kZPJc+dE*J(`)SGXe z>^$BlyxW=EKM$_B)!2ZjO+47@(;nknf|Mo!?xf6lYPTTujg249gVv5c1tn8GPQN7rwKY-C|8SWDSUH zZ|Ia}q@{f>{y__`Wejp!_>u3XH;II>F*KnwD(ydaE+IL-TnFQ5kJ|=;z$6LV)n!Dr zX5cjb=@d;ru<~$5Vj7jK-50(Zu|WnEh;K-<$F_||#GXD}E^S$6Pm6|?XFR4(op5*F zRp_s*ffRldE`g-Dt`ui>W#;NU$|mu?V*;s)ksXQ;9c z3ii@!f6mVz{bLvGU>B_OW6v30s5To*6;WjAy4tyvqRBmq+xtnPF+Au~*4rt;gC=M_D%(%b953b=xL@qqUwQ{=J`TP;Ite+Zv#NS|K{SFu z4#tcri8E@C*yM6Cd*pa*`yq-io}cbNb0MpW(<@xWPrD_ z=q!D7@3G?(yoT%M=-kpGF9mSZy+8YHogxp);v7@1_7i5UXo1;Lj#BuwPa@ME8L9=V 
zf6IOO3bpanJMkve*R*#1>NIrQL8N9#%6m&WI&qFS{^rNz5SUe}9J7``sD6+cySBWZ z%*pU@<(BP)p8Ru_{a)$R|2jG@dA5;mF4-PT03Lt(3uv3_A(T&tC@gK;SxsM+NBTh@ zWu}enX4bVNA%hk;P8Et6Y%V)5a+}ZlymW;iK>x?BOS?`^e27`FAB*=3Nd1FE!Ao zuu)vnBe2za3OVILNO!%jQ0ZR-Y9;c&NO<2$PkeQ>@h5% zYNfImR#Lsyl`q0LZUo<=h^^Uo^(Z-JZV<1mk}6kP=WU2X3Cy-i94SQx>C`7vq}S#n zWt2sk1w83?$zIPBiKC9g=Bf}*EBeuU!y&AB8(mFof6p|pb1Ewi)odmIiTa2=IuXrCkqPS% z{Dzvi?fz)P`F#7rP1~>|KizWaTYy?y))tKujVPE_OREdbd-&7#IJvV3%Z%I8Nk~Le zPELk|?7Hhhb>`QVr_3*e^+~2~!}KKjJCq>)@ZA)x`scUW76o^Q4F8MKEvPiZaf=Ca zxf|b=&T7unPxo*cM-kY)7GF!Z3qql1*Fy5i_Uhh0WcUAKr$eVj~&cnxDIYDMaBt^#wNPTIhnZ!VF<O90Mlr6MLP}2EOtHt7Lpj<&5z0t+{6-q@D z`T8kZYVqj`uGie(x^J*kF2thG*o2!TVMYVh5~zX0J9a6f9UJ8;2=RV@&oGvXDzxO4 zu9FQUX9rf>ujC!Mg0m%1@B)s`gTTcU7(tIN!JH8Wzac1PT@ zSDj9N9oOh*0q;wjaJEOIzp4MPbvks;YJ7EVr{f?*DaaJBgAi?))!{AVmue#XtqW=~ zEl(9p5%hK^W3et!+FQl54h+*l8z-6SnD7}yqHqE?g^dedQO6zkh?QUVb3>~E#ii~LP_%>Pph-4 zuN0K!#9h}WoyrqQD1`mF$bP5I7UTAG8==KP2Y02)QN1O)07bimttue}D>x^D?njvU zBoI842rDrT0gD)$xMCFQj0UH~14C4=wcAnzH;@-s2MnlW^r0ayI6H!a8a?3`{|01v z&d2RIJzy;Q_Bsl#-$&9GwxbsY;W}ATZcuwe#7wmmhNgegSQogse!)k1xpzNDBJs(L zLkn2nnus^q0R@49;9%wWt$T~R0EAVNbP{BCnwE{F0&@}~ngy1E$px$N)jdS-3OD;) z8`*=hNYd&LmGYru#q}|Q5j-e;LMF&+Oc5pP^FFQoXQZC7Gw@(#nMCccd56?}@om$? 
zwCzi8I$tnWM9}|Ir@234%KoNKUjmM>jv$lrUaNzWBhgO$cclc=sTTQxI-B&Usuh7Q zMh0MXZuRagm7!p=PCcXI&(Ja>BzmfuM4i8dE|}dM!co_T>{pCB+QA0-Ldaqq`Pq*O zq?g(U8quER2P5r@vsrDfT?cZ~$9$&f+J+prqp(F>i~BUp5EIy{i*qs}t5u-;5KQ<8 z{epBmShUp>x_+-o76=G@IDn(peecZy)9>##tqa+okTzjqVc^YY=3MYEkBTP@bHwxS zGTHb8PVevK^HJ+$7^Z1pA2;RLG25L^6Z`2H_DhGYEz|CynL1JWt>^QrNacv&tZME& z?+0pD(CGCIfk-fI`0bht+`&9|azRx2(|zW}+E-m8aha6d1?i9(-O zZp9Ay72iicws&zPuC#fE*G;ds`YSwWDlCzT7Iv4zG_ zQE-q!DcpLOqhrxSgm3Lo7ze154kV+4crFo0!_5Q=#&06;`w>7-LCy4+bQW$z>zMwT z$lGYoJ4&Lekjl_$bQ(|Bq7`lT%Zl2+5wmR^J)nB|^84)dZ)aDsM-mgLb5x%nkk!Ym zns!o`y-U`<+Ip4gPCPYqrukgT`h{2LPTAm&Ih9Te{|T&T^;>+la{%C@x+vUr`|G3n zn#+p78T1};+i`x%gBt^u?O%nWS&Yrzm8f&Q>TpLmDHC)ShDAn%L1kh5i6LbThX&cN z;92zsdUyWkospERP)Rq1Mcnu|=~XK$1o4bwxm6WJE1pQZqDIti3XyqODZ>F+mh?wM zXLDr#OnG=&lg2MMMD{Z==V4#{rM4KYuQ~SwoIg;`^j1hEmE7n29Bi;^Uio7r5QeD(xQw0Lnx6-%-Q-!}yKK7}1}H@I}u z^*f&R$9f8`u~3F4#dL(NMC)jn_^_nw)`zGieAm)*RGoJ^vPA4oWI!_s{^d!9Nvxph zYB^E3tea(c+yPZ2_?#fJUkU5rL$a&wOIq+DQAGTMbw63l1?Mt5Znuite}3?(qA@tN zh|U%5oS}(&)heqxC)2%}76q2bj6Er*#d@@?HvO_xZh^G>PXLWGI4M;v=C}QAp3oqI z-n2Xx;qTz0jnT#3OV*jkQPratr0vN7&FOY9e17}bBa3B+8r)adK@~k$CFAbZqh8rA zK1yO#)fv9c5iT;DA(J1U%v<~}PVuL-54ry3$9MBX;Pgzbf=~U5%I-hBVmgWV{;yW` z8a@ZAlw?gi=ZQv~CgSw8mlF%M_u0>wp789>+IRb*fcZgTKhp)*2S`0za~uZ4Vy)FS zaXP#^9sfR}e3)t;e&RU4_jsCZLI-f@DWxguPUX4Z{PhDNc zM7I6@VIE?3`4oBodXeCZFw>3V-#jfMnkYnjwEo7_(Z;j$M5uR2!oObKVb_ zmNM7WpmzX+BU7i&dhXNfvs9(7SCPnm%v*h+>MAEO!+WzS*T`%ro1U7GzxsjYNKX9G znf}-M$J%d@4_m{M^}IU!qy3o43>ZR84Z2=DQ^BP}OwVY2GtRcp>8JCsM(sh@SbFsR z!}6zIg0_2ng5YD!6Y`>T{6}LA)uhV_IREK3mF>%q`wZzU-FQ{fDJ|>p%KGo5BCMI8 z=p^}2BWdA8rFYD?d0+%$)M+2~HwOLSLUYaZk?gWTe?PC?Tmm|+VP&ie_$sTF! 
zU=C{EU2T5s)cQp3LQU1go(X@-_ws)5=S94~uEcFIXI$cCe|WBOs5r7bSKCJd^a0-T3eXB{oLZtd#i?QPv#f(8^*rEff<;C$!^j?x>p`ucl3-3QU+Y9ef|PZxYX;&=VAbW3)ZaMB z7sybylhdyTkK`UUE1X}IXB)-3>7d^=SW44HAvarnPS14435u#Fx<5MvgSiB{S9EBz z9X9PMvnn@@e_p>=C>12dDZ33ej3(5gH_5Q+FalM3SBYW(%wIBHze~RMW4mI7UFAc8 z0vQcG37XOR>v`^Ty-=%Y4?iXmQuWsKx|PTdYrg58YU9hw=F|#k{?YT|Vb(;`yU*bJ zlV2BpcX-LIBSsCbJ#pzNrdk8JxFa*opl}I3fpT6YNN5K2kb?muBd*K1}U%+ zu<$or%h8(A-j}EmhYI~|)1a=CHX@KCkh*7UzTm*Jx^$;g^Sw-dFZj3vFOpR&fB?TO ze`uv0O*&Nzc1}hr$qYi`Fs4l~-D!AC{AqL=XL~Z{E8}VwxH5D$*V|fYQWGkb947hC zHUXaca7R&jeHNPl6V}d)uK<5c-r7j&TYm!}MS6mIhQm!*r4P~?tp_brQ&W$BVI(`u zeL_#tppUtDbl9ay)nxC$1Z?>8tYZvY&iDN2C=t0i>fo>Rp=m8!A#KB?I?Ua2|1(M3TMgFKmw>zVq_^pINF}jd^Eff z`2$j%XV`I2Y^CekTA0eMddc1X2|>DXV<99zMjhThwp&|Huup30Ve z5x7}!BCxASV4(pRFa#;P+>)rNmG!Sb4Q3jLO!1m5FRELHE&79^-Nb5m5cFu4NuLUcE)2KLgilC`W1?=to2R=mx+ zK7d5x|8~rjVbeuvi>a)TKbt)9gs}kO%8h&PwLC>(cO;k6tXb`xJ`JTj?u3{SoR&2v z#aLafrrn*V6KDw&dyG_J-j8HrHvg!ksE)V{Jw!3`2MXz7Xbbz^;P>w|mIItWoLdtN zVa&t#4P<27y)h&ZNW`jg2b$eO*gadTs3mA%`TdxKFt}h`oTyCqMB+0kqd9n$6l!+3 zngN-xXlOnt+gQEG^UdVHXYETfGNIJtNX|P$DW+5QgZ7h=v4xSxLb119ipWVtH&@2M zN>teBvi@*=+Wa_29|M4!jMS}1AySk`@DJcD4WGbi}^Xh%9}RI>EPNxVXlp= z626`UNq{gZs5bjX5mAFH40yL)%S)A5p2OLVV_haKBYVMHWZyiWldfTb{}Xuk49OZ@VcqrsLD~7E3{zpU27w=!yEGQe2YOpQd;$)zMN)V zdcu%u5hTYMMa>Hn7OWJ<9cigJ6~|9(6~{RZuFLjCNJpFL^~cjW`tF17{Dd_VYyt&P{?C3lH6~H9sNVQ6)C~LdJHBNCaP{Uh zYEq)sh$AB0ht*#hz92WC7`b((#tWrU67{AUzqX}(czw-M2Z4STp)!j`FkFs^%o)dQ zFpj1yqf4cd0e*ZoV5eZqm{;XnQ$i35>5Kzmg`S;Wz~MV!G|w8who^QwaTR;R#bau% zg@*?&^my|h&Jik4&v2e*J61=`b9g@XRt~n$E52INTQ_x>FqY#+9{Y@bJj^hnN^C|?;yJ7TyenYqsk|GNB+k16j>sHjod3OXL%WHDgLYo`#Y zehe(HH0VOd-Hb;d!ETPnU+$C2DQp}{D@|hV2XYDa@-C%_7uC!+qhH1~a=(@$+qvA6 zDjV~WI8mEJJ{NK25iQ$aLjP7sjp*x=MOE2<)w4R>9P^r=bRIs%;K_Itj$|FMm{L+| zv*WFIFbsMyy2IueKfb~@798tbh0uB1V=u zI>v*HnQl%-%v=tfF=dTl!&LQB7kDSvn||gOVR6%gsv1KZIx)v@6$9e7DPNS=mGmlP zNVD{5KQgrM%Ix?ILS_D`aD$zZo^Zg@x?;hb*plNZXU8str9chi;pa5vM(*pN_%Vg9 zL0)@{yqNz87OUI_bZ`ph$9)2co>go&-SQ>pb-++bXX!A}YQsLG$rs4J%_7#Q#lR5K 
zv&=OtXB3J@5gteOy(#vZ2FAUUx!{-;bSBDS^`*v*byD8NRSiJe-r+E^?~X zH<{c;Gp`2OB|OTRDNf-AEbc~5T-n+FT|mZjZUL(h?h_9D7Cyc z76Bv0Y|YoOc138i!Vd_K8^z77nc8DgN$NbZnz5{mQ;W4B>rI+CJQJVmVF+IFl8#%K z^p0%_3Vl|Cw`NZv(z4TmMiILDquC%CsMx2P>@fr^sy`nx*pBX~o@nq*hRZ6X#FmM{ z58l}nvojpi{jvj|ku6ENErhPCC zRe`c~i(i3gAv0<%%8gPh!Fx(NM@O@LL3@MqP-gT2Cj!H%s}R9Abh{}0^>xJg1n&h~pZzABd^y{?`XDG&SQel&L)>)8LH?;jjC z$IP4$NE@017_uAyL$>=bc39F206hVfLjYXnKbn*N>UGOW! zMRe`|R-iW|enDn^D6~k4+;C9jk6$abFoyB>0-llQ;xikV0k_NAa7^mhjSjAZ8AgXw zVy6TrBw7+J>JZC}Rylex^BwD8qyo;{G!LmF-jBonw$WyCtWeD~{DZ4l^Us8dg_}k? zY-h>!taJXjhHKh#Z15a`pw@t9(BBHFI0u(?T%QP^A3Xr@Oe1pX3D-?f_MJB8-b=NU zSPBbbSm#}TwM$zHUwIEZXhw6SnwhQw*;)<~d*c(4#zOy6Zq7_uW?J_TSG%LW;`p3u z(_`iWvy;s1Ii|I*o{4t62MZqB-!Jo=jm%}HJY^;m*@PJ}?5&(?pCPjvDzsyxy&uTV zRJOr$ha|oy_-&<66|0bnZ5u0nLqXR>4=HyHuWRPMOZR596LQ(l`agTQ4@nA2UQ}u#F`WQ;z2W;fDS2d{n2HjSM0wIDJ}r-{Py1tX~^FW=>(udD)7HM zq#I3O>6||9_>qhN(AD`oB+Xko%o9T_HgcTand8uUv#^B_6 zA>^q)D8qycB=v9_MxY+ty9(&m;sMnU{QhxzP`EFIP^%j0 z;q_f|Cez>_0^0Z&!#sT){>ONFZ3zEkJfmB}|1q8}O@NCFNRJ9%X3M{9hqb zz)AiKk*)wjq=1i>fh6>Q1=21kvA;RlUw>OL z0t}tKipFz72Qy`>XS4MLp`c?BJEtL`=(01SiUlxfWhK1=8*(Swp7L1bi2FX{|KZ+S zGUTLsNwAO~XDob<+oXd4eRaZRwX>B*6d1^nLm1$zR4lGBCSDVeJ>_fYNu-qI zTH+MRTS33ojkR@3&yR{J&ymq26>nNaqMfn8O6^NmKfma3HR^7rHOc;5by#Ppj>h54 zc0Ym=HP_u3QcUv~^0e!++7iIWe(zkof8ls%)VHqr5NQ=1nI0Fnx0*!gYwPANUe@X?{!r;|quJxQ*ebu3yL@)^1|$!4}9zK=S=T}iuLISzjb zqax!UczkKoz&QG41m};7MIhlrX4F~ylDBGCckS$hC;wgZ2aI@z`20pga4y2F*D)xF zN==_GhLb?uJ6RgET2JG9SSk^Op}VkjO>xb$)t-0CzAP%3mfP?>`o~cvI{mg@&+F^bC4*56Z+NH-NkTbsyTtjYH84+r9yX!)cR0;feE{g z3eyJX$;Q;0*t5420|KTbbx%SvJI{$8M^m%Xll=^<9upbZlMa;rX*QY9oVC~UKUdLLs#gxpgD14I;TjxuzmN^bX;zYr>?DgZ zQUaqrJFFCcK{16y!SP5IFE_g2Rwz2gC9u&0$xdR)@`AO#L>@PLuzkVWA?60fik~xh z{54a>(sX#GMDcOR@#IwsxAn`9b{w6)KGYM|Iko7mI<{zKh7+R(ah~t;*SS#6ZSR-E z?lWVe85v3q$tIOl%qwZ6`QTqU$q7H+vvlrwc*#-a{ogpzf1fb?Y|+*^}3zEXhhaO)eWBeUB2sIJ*B_RbX}xE zZz(-**FI2n7h3V~_S)$rY$Q;F3pRbj5vrQDMWnJKWtS%hl9>4^LCt-WPBK@kDF`Rw33ioPzHsHB*LTfk)7#%C)E*bV?C)^_OGm1J 
z(cZ%*DFdBYwtdmZPQbE7kP+J+w=*$-7xQ}@_sG5{Q&E`$4GGm5pPEga!$754hx^ZS zaOC8GxoapCYozlNe_h@4f4ivWjFEgI8aeuJv(kG2j` z|Av9^;8kFa-*YtvoVL{OZ85vQIcz8uAf`xpxOu$!F;C|DO%ylevYVvv{du)?CSN`H z{nRKP5GB?78zsGvf4*(ATohFZ+^7!b(vNXtq&(shx$>=_JV_zHnkv;XL7bfs-I|zy z&&rU7-Py1$W{~)kOawJGcWIn3^H5W1j5^w)Ye3;59qnno$DJuU&0s+B3+V+=JjGr* zrtibxy--7}L6}(x74!=z08<={9b^rD1Diw7Glj4Z*CukAxe~DgDN+q4XW0PdwmE5r z({WQbLr2BpK!k9B5*jS}!QM{^ZQnM6o(CRpS)u2V_Q?kyxC~Vb+NU05wh7@}hwDgR z0Ow`{eb>+o0_UR)=Zy^Kg|I5-mS<~Ik>(kr=HqiQfx+B*kG!p>E!0{tA?xF%tqC~| zpXPx&>X8WDZ;of|b29+fS%#21D!9RL-7;ii^6U>A=5MdoId#i}Z|dn?7Jc_#smcqV zDq_>FbliF~)9pN*30Yc#uM~##lu6I?2k!N1S_6Z}>bDY@hjLH{Ute`oOs)Bnec1j=4^8p2E8YY6 zZZxQ=9#D`jcfn>ln6!feE&Bk$30ggcBmzuj6LP8`O^;x7Ja=#jxa8_@lR%!gI8^Vdf;@VQ#gC_Ks35W)J^K&XdHFj6K^ zLd*s_U*sFFlah7C*gEOSj|>>P&7XaUQi|Q!1emD)bFH~P;`c8l4(@45ms_8}f%zd( zs=ZDe1V=W_Mv<>Esrq{rESyy_`fFcrQ-tBzu`X467o_)M9yzx|fjBMEgiG3TYZmuJupptuemKmO=v7AHVTL%_%jgR(mvsxeY4d{DNH6rb1{Nmxk2MTG|Wmt>Cf-Cz^$GA_g{EENi2zhM{s$Xcl~lg9x|cxAWV-_pCmArBf{ zZw`&WpfV^pIz|by05~kzLT9&S1LT}7*akz+gCy=8=JY-l=Bg;~ZsZ3ypt)CtpV|*J zGiH%$<0v>IP(~<$ji@nig0b{hK&?hXaKTPbwCq%^nASqj%;;Ye0h5jZF8{q9v^$0dX0^f}Cix09zIzjAvF ztI@68?8HZHyocwLifcfxr1s3hLYW?>Fc~pt#csnWI~Gqp$;pI4Q$ZFI)Jc;o z{wGLE+?|Z?%Vo*fQxG}e5ff{7(QPxeRMMeEW^|@Ihn7%#ut!o^WONXO=3{8tk=J_b zIL;(yiXMAhcS;Fy_1iFWS=Z=B5Bk$xR`1ycD1)8(Blqjoer<+oQ-l!GCm6~-L8ADe z&0d#@L^C0kWoj!>^Bg@l(F_J+Q?UdzsgO)2Lgr{6x*XaJ1>eg;l^VLU7=ZjkBeoCXa$Ft*o`1UA! 
zGfrQ9puf6wK$ANK=V$F6(6Vt^XrUrPVxHe6jGY%=pNqx4hyaNzhK&m-q}Ojubl3ol zb6ptl;GEOa*Q$V-T!=rMX=a8D)5?@?_= zV|VDkHd=ifTWULY(UJEER?>(No89M%7_S^et_T0K8}S^l3@;X$Agr4Y-8iIEpycHW+L*d_B^NaB6pP z>;%>8p#z7FOspGFB=wuYQ+q|qumO?<(YX(=JG&E;5AmiWR$`Lf5?KRcOM4@ZEDT0P zwOJk!-NF~D%Cp0ubB8Or(00mP^7Y!Qys7zSVd~1S^I8*~v5M#|Tr|)A%0D2o>$d7% z$inWL9x*V9Nmgpp{%!Pj4e2QrdsUid#B^EZhG4Q-e2>8~BnKfZ5* zIEsyxiF;=+BJe|f{WmG^f z+phQCJS*j4*&WB)4IsiD^sK+P72^~>AJEA+Wrb_P>0$aDexWxUcotuU`j}QPeO!gD z1qxU7DU4og=akNf#xlT<_kla*$g!G*!|Ny8bD3#ds~`3)_HMXN=&A@AZO=-VfAur- zsfEvVh^Y5`2jcYM_yYB*Ttt6$h{Q1Ro6+=Dy`fq1SLE5t7!qDdm$GUBQ_!bRhVgJw zuX|iG=I<6uc-KlQojkaWCSk$8FI<~MkEj+$nyLj)*6Obp^Nr`;!&CvP?ycu&Rjxl{ zJ3q8oz$Wpr^=3ZP8V!V{8!bM{eE9VvpfXpwn*y?-q7_wWl3PsM4@l74i>>LKO}k#g z69)AiF!MPe?V?O_-xRrS;gZelWNjOTf2N-L+6^qTo0m5!^1JR9cghoq0&3g4)?*IB zM-=*l{A7(^_G)kaRRQZ}OudR{@xXXE8BUg5=JQ!&R*dvq=o>qy5uQ++E9f7+lM~&> zXqy4;&cTt`TM4(ac;B;~>>ahZCFgnXJa9waBD4FNxsD~UpqqSB0+`=mQt6W^#!$5*6JD^W@*^uOzV%5}Q0-zt&pghZAr;K$ zslVBZWI$ze&keTPybSz0x*yl{*H1n_hA{c@$rP%8{94?6wd!}lX*g-0QvDrW-aGua zOH66#AuBz!bC_g@k(6?XRNdYYNj}ne3S-3!#(8(fvIp>9f=R&)A7?>?9mdq_^*ol( zjkibLGPAb$^2moyWi~Ua==rHGWzFi9M~+^R<+w>1wuu7ci?8`iN-%wH?*b9b=f2I^ z7P;0kBaoR5y@y}#Iio}GdEGP% z*eQ}PO!9=!&KQlAs6TqYtYA8zN?%s|fJy@}Q=&_J4pFw^4%( zR`7^I^x3@{vNm3+?S!_Q036807EVM~8EGS}`WzZ3^HY;}ps|ffEw}L^u(`Q37a1nI z*fQ%u`-`UCv%+gBXCcPF8tJPmVHBySWh_fIJ*cYfI0V& zXEA2E(=fA8veAZ6dL2qefUZ{(Zys^P-K2(84V7pG&Z}v;DQY^DDnzgGEOxKqn%z*F z9kWPglLL+gX*-fb8FtP92K!kN)}Made9n?0j*R6-uniOsCu9TBo^|8*t=VrN58Qo_ zUbFGQCO-WZ88wXwUk zko=Bb)_-nvU_Vqlj0H60?}(W4tFSaa0WVI`go9OW&t`and~uwGAI`22wewBi0zi0> zJ!=uwUwX`s@K+*$m0)v7$fDKn2sM&$*lkVX$q>>% zfm??a%Y*QO=mS_PejEB$?I8}kt~mBE6%KGLz^Bz}&pU8*0l`a;GyZLnUK_9;6`+O* z|FOK!<8AQ3igng_p3wh7Zr+-|li3?O@hw5KCXTx&YNCB~SH5zNML*PGYPnBrY^{8n z4)PhZ-IH}sO;N5!TeR${#lLcH5{&LuOrEHKz}hqg=flmD>^(D@R2ff1Bz}@sKc$#tG|a39uf!Yu z=PE;&^$&bNPVD8tj#i68^~y3f-Hr;DRk(dcT4Y1my;h*$kew@734=1c5-|VWqi`Ti>(& zX>}7|5+b$L*3T&wSdbJ`EVLAgDcnpdYa#hnc-p7kjvNw)Ud=yFl?k0JZHy6#5L6ct 
z*FutE3(8wqwl8M9By;u}L4i+8<{S9RUZ5RFYMdRV?H>46zJdlaKCm?1Ul=lK~lR`eAbhcK})@IjP^T* z$%qo{D`n=g1RuIJyF3Rcs0rIo9kZ~54Ymc5N7}bH7!?jrwDUA3y^ixlp5tS*+}V5# zrlkveP1Ugpz34*Wh~B^Fo^vx4Uz}2qn+-@k1R;o|%ST}L*JO1}NkisrHzPqZ)b(^3 z7XSEKN!+1sYlU4V)b)&v4*OO@?m}k%O0UYuG{i8y7nf?I-L-QdA6NUOO81Ka=KP|b zQx3g@J#l!BfBI+oK->!C(G@XuiT_l9FuI;3|yD`AmwWeK0Lx~d8H>PcDquL z=4IjB72^}c+N9xtCU9$6@=1i*@!O~Fp4L8jdJ)egd4F=Lr<0DEt(mYd2_Xn&EU{i~ z1op>GVL{R0|Btx042q*|6m5~=T7pz`#XD| zs(XLjI#q|Np6;3M9;kV$sbN^pT2yP@QNa)MmgQLFix7{EqzPG)#y}f0N!AYK48Y1u z9t}OY56JsO2+nk96DW?6SVq}zq@)sRm249n2^9!RoOSXn69mWelvrTI#S~&n2Q;9F{A`?yIx$8Gc)Di>Y?w83Z-&soD0b z{v6&$Kp3qICoga)6kt94`e0bf;M;ICIEQuRLcilHUW3(N>Vo{dAR3(}inv+oDaTJi zOdrpT^eom&3D>=kPM}jyaR+M>rh?*3ZRb>KE9;oF=ERSMFDnWbIc=htdIUTsM(X)` zC5&O7yu5>OmbmS;Yfw2rsGh$u9W7Pukq`~BmB61DX`yvdt8YT>v`;*1w7CXr6el)8+(Mm+Q&dMcJ; zGxb$K$XTH#>aUj$r|e*lZvcPO`Xmg_9U7sCUUm(pl2J=JCjeTBI25<+Dg~y$=UGT< z!v$fq`}T(Vm-_T!1yG*~Jd&4)L1`rAd}5oowGo<&0?s)ir)`vxl&l(L2YfqW)Bj?h zkY9lJVosLCA^(GY_FDn($N#}T1)wcYDy3=DUwbec9ANqA&PtRiX|jN9G7eQ99bV4d zq?>5mqz}3$_G{_HQ-BPP5u{lJL=Qt(bz82{`(gaI3K5Z|Mp|=8C(!y@6MOub@A2V@ zD-Bu8&pLX7;vW4@hC)T6f5P|CjTFZ_vw#1W`wZjmmlSHE7)d0R7gyld3%Cg< z!xL96Ux@WS>)YHlGkIuA93|l@td?q0@aYHV0c3SCVN;g@C9$!LBK|w+-r^1L-8;qa z!r7D8v#8XSZEStGKqxW(Z1n00<3NaFI-qwOu@8c+ku;0ZZq_runw@w8>n`5J5Vi`Y zBez)EVpDpuf3)Q;4z8TGxGZ5O^wb(U3XZ%Fyk%aj+D`siD3a4#Yai&Dz%^CKJ)W+ zQPth%72|h;)>8nYSkd83Gpv(8oa4z-W1BNUP^eQryk;C!<%(Wiwx_=RcG6Vz3E{t6 z<@J8dop*9Evyzn*0T-FqW9=chO>B(t1~Usvm8u~g?0bN5sqOK3ix9z!p!q~ov<;I< zr2KtsyS4<>VN3IcssRB8kz1v%?2Wo;#q4D=WX_j%h?~CqMLQ7({wE{#>gDO74MP4m zBA}R{YWXVPj=~PF=bhQIsxp;P%-)~6X`S~o^ZU=x`xKAz(J3K@k3{}=he5kglLn2} z^Y|654?nlDuTz%9t3ox8e?Y3!hIL-i438>Qlgtk){NWER8Xx(=Gu2NQ?;$ztkEiWh z5Ir7p&4^^sUIA6xOT~8v>tuE)~Qvs7WWiM@q<`EfT0N1Uj zoxrGM3Ons|&S#ma-9scTOb9-H1$9i7f2{<{_lYg|MlgTpm$pdV-#5TZ?0TWgB0Tj7 zkvI&R7TNQ{V(gNR^>ju9=}g!?29?jGNn5gOi>7+yv_}hcO8{>EhNOXt42$S2buh|E z4;JAUfMw&!s!0I!RTV}YwufN}#v1x~y;28f+`V{BSybs;j?&$oY_tmealv+W?292- 
z&@AoV?}*qV|8F9{EA;2mhfHg)3!982`OoQ(EN_=rf;2cX6z?~2Uyd%UHjGCn4>-vs zNymEPpIcXKWl@iRH4tm|bU@9gBmZ3Qo;5rKEmv1xdY;#(uU3A9LVoQ(&2kmB^9Q2E z<6tP=!?aG&rxHcs{k~dPj$&+Bh3~KS@YOs{GT7Lk(*$PG=qGETYqnq5isrs#xzHIiVERHZ**r3%xn(@2WA z{*<5h0FyFMFOc6gWEl&(!CI}Tp}-jSWZtLvm;B?2eO|JPoJf5OgF(_h_2NJpCJA1t zTqFt!NVbd}Ofrshg)orF_zvs zSzAcGpL*Q3GPyJD<)C@*BedacOO>~;-4MvJZClNO70fLs3TV+r_*uC|+cWlrW+L!{}<}`zT@AJyLo32VwQPMvx@twdy>~1aw zb6^fFqvh5IP4C`Uiy!yzo>^bLInk{vG}#xA$7hnysH4*t)hmA|$^W}8tSxwY`%+am?|^&!8N zZp;T-3W~#=vvOY)PzaGNa(eY3=|oz?{0=S@QdT+a&0o2)3=_<)qJ3G-#UfArb&5X0 z=0}_QOW<#ZbkYXUAI(Acuv`WlL1iW+DrRj zx!B{Gt}B2m;Jcjz9fO~IsuFzXEy;UlMxq}B)hz?|E%aj6+lrw6tM1dA(mw25matm^ zat5VpR1xAy2^Y?UY)Fd#2CXsjpkyyZf>?77vI}-Y`bWQjOtTr*`@kWZHV8I7efAFv zR#^Wn{M5d{YhoIYrTnlO+3uj3e>lKtCP;2mFtuNP;ft#pfwBB}6Qb}Ip2Lz!WtZ$$ z>BiAiZ2Y`GAr9A7N(qv2${lUJ)hup|u6k8DJd0IZh<5`M?v2(7+tS-s4`hi{F8524 z{8XqV4JXQIIEOk{xhxAnXoTqQE>VI~tl2omJtSAhrZ3>be=*WAFAj#7&ztS1+exg2 zktL(ycw0V1Tv7;!1CQeB0%cg=a%LjMZ`O-x89^*m|$TjWc<~3XW&(BccF4&Q{JI>jDGIc-pBF zPT@My?M05;-&LkGX~Q%D?l58WOA9SAg9iJgU(Y2oxMD)2JK133+V~p{;t#aXNG0TZ z7gGy@uR5=T!BPI=H%L}M{~&?V4%+PcxjD*;1l-AsMB^kzX_JESX>9ESWOpGqkRIqo zOe$~VD^ZDGo`(j9N6h-=JD;Y zu@U(IO-3QnAVBdJOGUtPbq#3u>l!v`-) zCunHmfnT=p+)nJ^o6qZI*u5$yizJGwWxUPb?dtLu9cuC&4U8MYDT&Ri;#%} zZs_xeZ8Y5MJ=ykfJ$Qy6+ex{PlLo@qKfyxQ>D(c!YCv0bIc>%O zgWFLLP&LdQs+<8lI_dWJkr{)>sPme#Dkmp1)~l)`vR}Z|!14oe9G`1E0iRA;!e2f| zyc&Lw#RD;?p9&af9P4K6Q?3~e#uMwZmO~+-4TK}_&bRuY*Z1ZL*F4(NnE-j z;dMMQ()ul#y0bXT#^+2oIt!RtEW9^~xuS!tW2^vifhIqIg&K$Puo0GMzba8F)BK0* zKADN>uEmukA934?qbZ;}8o>Fp!$R8?N=Y?mVY@tJy_xDxr#dSHDWe+)JFI> zJ(QQYL*&H-wdxRoAAzr}8~4afM1nV~BSTpGuYy zq$gz|?FtPc?f19gGVOS8gdS{RR&TTSGsJTLw_kmHeDSbauS$i^a)Lslnl-R+oYZkR z>!{MM!b~e);FeZf=*haJMcH=ftELUEWFOVYqR=9@;Sa(KX7%rSp0?=e6hJ+hS1&M+GVv6e2>2V z;aRf@Z-T@8(CIo(9U8rE zl{Y`XIVcYCksx*_G6vGAouql>jF)-B?C0*9$(VYoA{o8P8)gB>d&YhNQiLbQJPK0^ z+rO|N+VIOy@JL7XCDd?c&?s%j>YCXan{5m=wrXoQKt1#W{lB`SfU0MWD5!crQG{wf zF|B?Kc*Ec1=+QWlevB~9Z14|`iXVSg*fpYBueN{Fqu*+wm1y|yofLejlo7%Qiu3_V 
zoChb8CcyJ{kmDGtpniB-{adK{Y7sAFgNt?`AGWw#1csmNcCd-PkjI}({lV{z;jlwz?a}J55K(L zNI*(|rmKofH>!&K6CMSmJ>LOoPe5dJ27N}C82d~+%(NPBPlRdN7_fl^=O_#TxH-!R z2FGDL0Nl*zb^$RhtBPEO{cVp*VZQ32)rJBRp-^RiN}*i@D>%O)Jx6v~7m>mRn%n+q zh?)ZSh^XJ;wg86H4G@%l0c-s-+~>!_~A2>Gf_kQkTQ7fWHAwWFCF?c7Hrr3LFV{k^YxgSuU9G#XX-qh2bG3F z1MZxlK`d|@XOz)3fuAf0Fh^iS;c&D&B7D13&5L4TWAiFLfy7};!m!{mj-;y5equYh znPO=+)4S5|k7EXZ?nSk76mOpu?$X!B4TW|ISY%Xl!hIG#-IE9ii+c~|HDBBs3KoIP zFkz-4#(_m9@*qT1?lkqqOnIT%`H@Pfzx_?okZZ@(m*z)eO{|5P^iuhq%b2)R9Slz= zW1L23j|sC*;NSRY4r^g@2EHFDjgbooDYV^Q&VAtP^7eZ{;lfZf!mIl2J9#VZcSmU+ z*Evnk<%1DUW!o4}dn+*;&Rb0?;km2Z+)bu>&A6zrfc1lsTzZdNG!FcG^%Ml?lx90K zD}Qa74lkU!Pi$`IE!ly6k>$Xz7%+Q_8s$4xdwr6KJ0Z(fX81PAOqieSodHD|Z9zB1WLX3zCn|>S1mG+KTO}56)OPsQH>4^%af(ZOIVftO-yPs(y7ne zg|H;+Z#o|Drw6aokK|=O*+Nq<`%sU`mvCs1sB81Knz30Ko?h10o8*=cOTG-wTpnW4;UN1zaoB?h~`5E`(Iv7gL_#Uuf0TNl}hNB5|0O-p|%I!)3qw zc~YRLtH!Gli`D$|r;ANyHc^T=L)Or=j|v#jZpq*RFMv zh?>DI4VJvT6*VyE7aNf91J>;H=p=5|&rua?lpU%uj;j~U&8lUU zMs_GMs>k!;DQlZI&cyb4BkVFWCX9&`#88EFrF3*W!CK6;r^}>ZpNN+n@L|c6*udP@ z<^o6<$mKi)?F~fp{ss2zie>c)AsT6SoM~WFr9mFgIMHYVB37P4uGJBnViAXe$%|kV zXf|ZIQ!rmfbD8;b7!OZf3rq|TaV-_J9FwMc;`?E~7R#sfpMHFW8TaifD z%fmqzz`>iv`_k2u6X5f06Eu#D=3a{%gVGJg&c_QI@0LhRD1rLcFSj&yEF$`Jf%9=n zAphJ;3c4}HZG1j)c_Bn{ekYyd zt-b9@@QSUi5$^%PEC?;E)-UR2Vvp~X59wThkFjEKG}}0d#<=)TM4tj=I zI6=oaFACpa4KQ)%;YXel)1EjxI3!EWpvNd3t0hBE*XEwkgkBJv00|bXSVoTEXl(6R z2`O8qa5=qTY2V-Cc%%Vd9P!fv07-b#Qvo0eS6F+~vjsf?S-#wtu3FijO_-TQqt)6tuTyK~88^5vJv_A@Vk01f=MKPz ziAL}F1?^)88KtnT(Q52P0jk=9wy0-KfeH2iaAtv$qt$Qpl9*Pxb;5gIy-RzC;Mt(1 z)5{bE$V7!wQVq0^H6CCk8F3SO8?1(88OD2QH=iES`vPA(`drcC>U^t*vB-TOcW0kZ zKl1$(BIR$Z0^v;kQjTcV?fx$ZIHYBWNICIi6GS(eNh)chw`onB{|w5dKvckvX$Ny0 z%44ERP_-}KM~vYa?!x)9D(f-=gS`*3N;hZ1?gqdD?k^rQFW+#BfMu4}5eE zgDh>}&uH|=NW|qJp41vR`GY1H%)NJ^l!Pp)z~Rs0KrEX`R9SxMXv=7o-4*Nm#aB#d z9}0U*#;HY}R_giXYpY@8CIj=H;n!B7GRmbMOj(r9LIhGHoPCWSd6vuh@M50nhPP=Z zztaFE(yPL%yyW&nsK%vZn(m~k@Bups-fPPSQhVys^?b#8w5$*_dKBwo%m)QR^+f|% zQ=R4>jQi^+=ibFkdnDcORw>O!t*dT*c;`}mw=+@(2<_8aw?CDl21$`LDp4i)1@EL! 
z{vd(0RxHdqIqKa2Bv6WEZDDg)Rtpc7y$KhFaOMvZxUyc&j`1L%3j)63E)`Du8c&~? zO8Jf_9=09S7oP!CpevuaQOyCW?C+$Mm;-F?T8d}S2kn37OZOmu0p4}sIeV=g=5M?O z47}AQY6St+Z7Wy7+U?)?I-If=1+6E3#k(xOO}xOkqTI8>!Z-RB8J9ZDD)5<9 z^mKw*eyd3B2aguUxO!k2&V|-o}p> z3=oiFWzB_?)4uZOoII8G$-T9x`~fb@h#4xuV3XfZ&JYGwO(w5~v>x=U)(5mlp$1nMhp#_n*Y0udu--;Vh@ zD|1y9;S2t|b7#Gq^zCv%+L!7ydBscqVf7)MJ3xpO$-|L)Jq}z+-w+ijjxs0spbGcP zEW1X9YOd#AL3ImA1ibpO%EPCpUAZ5Q$UCmcqr`E_71u$CV2qIZPIhYSRfq(riw^;V zFp;s^-VOm6zIcEutPu?uGY|@~bpR#68!*B-O>x@gjq6NZJ#5Lhy6V4XDO=ockL{(= zr%qHuAU6bzz5sjHgARxMntJX_VX6BDTTZsGpRr`|b4o(!;g$8b{tAE&Eb{YPyAQfP z$JRS^+7==!=VMboyfb>T0)a0C{Q^U1hp|}zVf%a&6ly#s97*s&Y3QcU>IUeLa!H`5 z?<##IMTzNcp5S96j%{pzVxTA zNNQ8&Y6pZ7YHF9xm)}xDC@EL4ADAv?h%b)wurh=>zaKMuNGz$+`<2ZG75gu*GeLwN z+)?2`mLoF*@xurYX@maOu*GPX|5_m!-!1gJ-nxRBLe=`K-qKNoHq>LiyZrZ#!;sn! z{HIwFWD^hw#Nsc558u%t%d*iSwGqs>g+KW$a(_qpOSPkgatrncwzATBWYlVt(KDfx z)O)`WOJbMr`GJzCk)ly!d`Akvh(mCA?t%Z+CFeBj;bi z*g20>s`-F9HZA)aWTi8&3-fi`E@fWz5gbCyvh3ZD@Os?UC2WC@!&;fg)THC|e0>j1 zvt7}&Q`8mGR|!f`gRaT8GiseB4WeUX`^=*^4&TOnOPz{eK&dUsEauy<+4raf51{sa0Y z*k3r|LZFJtrwTu`paX4p5*JsHvA_a^uGMcg@*Y5bZT0;=G^2Q+%RVY{(u7g`rP+b4 zHs>IQ(pXxHkS5-N*yINUqfq=Av1CnUWmhJdjAQ)Mp`5v^r`Fjh;Ru~fnMy92y3qQq zlT5}mmnxNCy}4ApyCujZsKkX*bd>bYvMW)PvBHiV_BoMOCs{3nhaKm4O)OrAPyL)u z$(6a*Wjzb`@;6>`i|2`2=8N5v;qJ6bxdzd$!ykIm+F~k_X4rC20d=;qvLXKCm<#KG z3aQk4_=!$4NeU*N5lVikHReR%FA{9rJ2&U{#U72J^FQ?0zKCpA&6-m|vwqi}i)&0F zXE2|f{Bj$eLD`%@(D7qENZdw^0{ zOOPc$L8C?Yqyz)NVH+jWntFiaZ(?nFsaDQO(s`0RUF%{04OT+Vsk5j)88gLQZ;>p= zWmG|yiQlEYz@4i!qYQD45uFzr3p`w@Ec;$&!i_y-r@q_&8X z^s&yqRGETs)fapxs2_ow+n1c6*`zvkNVwvhS~34 zACm*7=I(6WoUwaL5GH;xkJ0?1y5gmLNJ1xP}8Ps@f6<6K*DXfL)~dGwV=MT9T#!?Ykx$& z8=U*ekuA=srprVm({bJYc)?PFm)$zb^|BppsI{--T9(Yr=f9<={4N1DJ^_9z(y~7&)&0^Qr1xJVbXINz?^8zaI8l#_mRAy#q z+uXlvm0Xmmw)q8}87E`>Ri_WB#cOu4s6iJ^MpxU-9oK@PKt|ipkijF6G7wxjtfUb^ zYW+#7EQs@6AI8YL+-+GT@%GZ27}PX`Z(H9&P7);~-eYd{r*rh$G?Hc5m*Hu(C@Tyq z1hmq_@+E6*e=l|)4pkDgamY9d{r*8PNU&UtWFRPFbw1gbPB#KJ(oaimSxsK79zr3( 
z1YaVL%2~URRQ;7IQ`4l)u6fM>E|DRj7O{m1U15S%bqWl{Ty2B^*;(Rt;{$_c#LivW zQrK#~P`OZ9>3d@UauM!{IXw552y4$(;=u;>y#-s9eYffv75d8h z$Mx5NHs1;~Ual=r!4J&bC*Z2-Z+nZUunZ=kbc0$pzl!Qc^xQa#I)SAK#gUw6t?EKb zqT=U6F=)f(P9VMWa(P}%@$0@rv)qU~WpNgd0OXWT5dN)?G1F>gK{&W)%+*iUtN-ZL zU1`?Q`3{9wufVlO1OG7O{r?d1BtYcv4M!pDP$<+NMik+KHg_0x0@T*hE? z_Hi%1Sdz~2+skL1e1>0mgYbNwmf6lePh*z6=uzC#yI)2>rCSB_+>5a4{v)+fPr76Y z-`c_rsC~oRdvI5ZB%vfg_=j?sL4l`d|Jfnr1Hi&S<%dK{av|XIMxCd1y=OUYhPS8o z?%Hks6i9u`1rhHF{}f0!i6duOd<*mJ>>l}?wq_B;ZYw-6W6s3E)>`jbwJQZhw(jkL z?<_AvfLrHv?g9_p7a|%N1MDkt?2}X#Au8&7#PTRt;#ctHnl26k8{lv6Tg&0Z%aPt2 z=r*iC3x9TLOIbG0P|Bsc`50~n<4{EqKjys}n80ox40=hG1sHo4b3wniG?CHAC%oW@ zjcBezPZi_>Fq$Ey8agxR<6mXQ-X6rSFYP8XID?Y_J(IBX)5GjtDB?7kBCgKr4DD$! zCdi35!@B;tg03pc@lfY-5YBzo-vB8<&_ri^t2cJL$rK%Y-ohm6Hthcb7s`#v2-=2r z1bAC)*LY%g=|Sxp?t;sLNCUF}*+i+k$&dfL&`pZMT%&R8`WR;Vcz3tP-|-gguD+ zvL!v08<6;F0AbP{@!TV|i$*5Am&Fj_%0y?z;T;@sN@)pfz>U)^rJ5ch(2WNdZ1f~8 zKXCAqM(YcR5Y4ZZqFh7yUNhMv6?Gx=VQ>*YViiLPCz2IN!lBB^U?G3I)*YgM@}s7s z(-J#s7MIyez~E2l6O8YE6sN9BuVOEzSpKMcXXza?JZ3y<7JyUxm%hmzq~i)##` z0tLM|fYBP{GWEJmnCaqS8whbZ)s|2E%owwmP8Lth3t>j@i0NI@IftBYWBDgP`o}AE zB?S-Uo!h6k?&0Ap#9af-?Mh$&jrc$ln?1djbTwZAR$6}K&m0Q}tSRg2PZXWZ$?~F0{3sNS3KJ9l zWg^HA8v>{%61My|qahJFQ2V_R)*Q2OvAGxKh9C-jQ!q|7a6RFc(eEHDBYLGLQEcRj z;xRU|Z~sdy<-?vFdbN3Yt%mrBacqlNh7RSPg0lSWizj8ro50j?&itJN$fEUS5KKq>sM=HyO!$rDgs+fN|s*)CJ>3nd`AmN&mfT}lSpv2 z2^2UmcJ=?UQz5XK{KR6krVw>061s8EU^ki~qE}0U^^e0KWpuFNziIIwy{DNE)yQb zxA*LLT)!mTgmmRF@kn#Ikq~id>oD<2U_TL3aw_&pk7x18eqi`ApfHw_5#w6k+=Xf* zj57XiK?zY7I73guKnePGtV>fUhF%#AnJg}-9UFw9^P^8>$!q%c`v1*Sg*0g8G3h;Z z>Ga)ql^qXTIs*R)G5xMZ)^H3p#~}ZvV%mKy{jmnV#!9KA`q(JXh{|}9$LEO%MU!3~ zB#nw_AW?4ulKT4oE=3DI&O1iAaTOIDKYb^OsQfC~K;kzH>6-|OPy(mubF*GckC4E! zz63kp)1El^w5b4T=3-zLwAcG4I`r?3CCUx+;PL5E9xmAQhmF_hQ-hwPBi#GRW@RC> zbgtK}g&j@)M`J%y(6EwHIKidGfi;Yrgrz&xq+G-l)yp@d{_$TbKyY-a3kh;>%z_=3 z6>fJSunnek!H2%v07aE{*r9JFVExxywcP1$$A1?h^yjtY|0@CmyuOOIfdFF_er~K? 
z5l_r?30P98wFWzA`D0cEi6h@*fT&5)JSq|1a4~S%eYXgy{tonz-PyRaH+`2>{#p7T zFeMJ9o<2q&ksFRd8zv@mw9W_fHn|MN&OyI&67S&DqF6|p8H~eC!HJ7M|KJcKw#5!A z8NXW@9cz?+Xt7%-=P|wDGIfj9m3}7zn*k0m9WGz@03<~&8jY25WTFb^d|uXKzeVhX zbz&;@jNrDzHR3iuBOE3FC!2J0nIUd7{@Sf)BENC3(NXXEpx1wKDGswaM&D` zu!-X)3=A_v!p9loVp8UTCJveXv7`tG+gtly<1*SWf`ZX6HE?Xa|KIIYr?>zkGr&$I zul_&nRMVWzns#E+l`9wd2-1~Z&mh15;3%8^r1km(l$zeYP9R+w_Wm%F@~kFnUgRCN z$x2B~YzG>RX-70!-D%d?d1|znm;yTH8T#Z%9VnyqIbvTbh`GjkH!l9tD0M{DR<@(3 zKSc_k>a^Ee8$+8bp~pxXw>_`Cxn%km2T2XM@(#877GV7Q`@4ugns@>vQ@e+jJ^-4j zoLKiS5v=4zSGy}iHcNiQc&U#&GX<*ZGogeNQs+2CCsf^o1zmas+?2x)wEde zsdHE?(IKL0yBc@=v<>Ccn_eYMt^Dp&1h%_{|LUo{XFooceieBe4+Od{N)ba!O<;Ev zPCU1da*qX--L=E}Ru2CEP*Vvq|2H+2pK4HhKD)4Rnim+C0Z?1SXZ0wzkj4LSQ<3!? zPHEQrutMHpePBh`DQRfj)@KYTJ;L%gX$S*G(4x7ISdI7BcRd3Q5@!Rh_m8TptXTHCi@Q{%ax!Y_MUK9Cw6UpFKjPO2Bl{C97srg`$4GZ<-08ZATWv&ZE;bZ>hg-%7> z96Huj+@xJOO;a7j^l7}-@rz!qhkx+c~B^Xt{5s5Qp14Tt11^TE_f zG`Pp(%~p}6MUS=yvhU{^0wPjTzFB>4P6?{^MS7PAggM9B`Wu(zlkawe&08)YGZ`cZ z8yZ5dUlxpacUaHqdFg#Ulw+r9uAQAm_;uR-(_>Ik1NJjuMhr-SHQ8Nu-{W%Ukh`LD0JK!F|Kux=)gS@oN}KqeJQE+GKQ<%2u*`sC zHPc2jsPA@97d*%Y7vCulm!TLQ6Jc-Z!*NmKbPjFy`$Sz`AfdiJrk~lW=8iGMYLe00 zI^PI7>yODXVuMIr?T3C<4jkG7c5843?*t)!IEmP%q@*%B_4_ivhjl!scp7r=Og6t~ zR<1)cI=6u@Dwo;W5Srj(5tiTrP)8a6UEx;&Y*d*5`II`KHrn6@&`$vaHXvTmXQ#D4@---!T8QlfnG@^KW78$sl1fKv*! 
z?qBVB(=y_NbAJUl2U1N~EC(+_DmL&pc90TCVOaX%%&g>evDu@(Y zBRs{MSPZ!Lw{KcB^VcK>_#yuc8CcbiDFMK5mH^6cf1Om$DB*vGG5OxPe5P*epA)*c z!|#%UqF<2B@7{o%LM`*{^Q`0C7N;eF^~0kQq#%PzLPm5{TK@Tx z;DT6!` zOy%n{!N-iFjm_!vTNNp^Oy-(dxgOZr#Ct8>+S^=@zMT%NF{GLCA=w?*`zF zyP!4PYMflFmO+f+E*Xif#|WltISaRrtuek$ZEa|_x3YDessw@;3uM#7yEhPQylLEK zeu0)YYoQzgL`^fb-p@By)^1S{xz0SK>)4956(}utRkf?pFbX6WrC(U=8j(ISamNLO zXG5zD2SPWfIFPnof37Rp>?{O*am04~fp<}iyPv;aiWSUUcg8vZGbc~Cu)c^ zmcX^Jx*1v*GzTHKerv(tvHg?%2b@BtFZbcy)^--KUGwwd0qfL=8g80=ZGqwKcZQ{8 ztQ_{wM6}p23xNw4bQ#f+y(*sl-4I-BUrxGhX3e=p=I3LUK}08eV6(eavx>S&+(}TK z59wh4nd;y!J?RRYphexO`A&M3Zk{%%#%(-RF}}O5OuW<(wiKlL(id1sbU}??#R}7CBJgRAf4|C235u*aXxkpx^H)OYNZFcsDAFQ0f zE<+d#vQv*SHMhvY&ju1iN8?9A=2Wg$Q!4&wuAZ}j(cK3Q08P`>iY};qdtd2XK+|+> z3N9Szr|eequef0OgM#ls`h?32N{mJi0sdnReY_=jxKok7oZ}_(<-?hApBx{*zj>x+ zx;wbPZOol`xqpW3bxm&beje=unx9%+JHX2?NTr~QvKt3Y~xCN6;6@li`o%0lUJQwyk zT3$zP+x;qaWz0GF32|PHzK9+Um*(=Tv>q#jvy__%>~-o*Jl%3unDpVA4S~ivMxMZj z`+cDkH1}GLjB5i267^%5wI784_$0N^bb0zDYkyN_Qm9K3gA;T0vok;Z-ZTomI0Y}4 z#R1Img12KU{VW_R-?w2<3%Lhs_vWqA17DqPgIT_eZ?0{a@pL%3we6ZFOb0UwE(vvC z^pRSIS&)B%79Hxhx}+vTzpr703NiIjw~gQ|CUsJcmtWGuh3i*TJSTLqbY{sK!WwY* zhKnW<1y(1jdjUK4>p^QZQ`MzmgWiBnvOzxC<5ps=lLs$qnZUKx3@%H(L6Za2c(7MGHH2*!6IrXj)_L4zjA=sxW-$avnqJT*hBQMMnhlR^zDDYW-%O^>gYUwC zKdSc?@_=Zana}}}rjtqun#+T#OK|Tyq{vxrM6?$x!k0LtW>++)*k)BI-r^$|D@+*I zicvE(_ioLFx-aqhguS;~DVsF{)|1J9yi`iTqda~NR;oFaNW|+}BSsp|LwE`Z;YI*2 z)u(PicfW29)i18H0W@Cozh0`iB0MJ3C4?r>a**L)43BrvV_#(Q!?KE&HHQ4voqUl) z_&;IPk{UytJD3#C2}G774m>BoSgk~LAq$E(;i5%?w~p6j8p&SV6`DCES**-Iqq%hW zYI3&NA%mdOrquF3whM%tK{(;bcAOr(yq1q_`T#-G_6$L5e-nl%Tu)SaP>9)jUzL=U zeqG5R)>(3~pS%}x3^}H8L)eF#YCS*bZ={oF^(+MFcG@d=d^(<_b&+Z&QG>Hz6{Bt) zAB#2n^r|?^r=)t8fv;SP9dnE4W0qwlGPKql7ADLIeA79|8cU3wP)wcpmiNi(tl-F`fCQv^MapGv^<|g*iT*L8v zY{;Na^CnKIh0=EHOIaur8qh?Irgy-Fkz7@~7R?wR{$yMgIg-WF(4}OlbHQ`A?g1M2 z6~BqcHOS!3ETlP9tTFWPjr?Xzb?j|5ig0%wkXPkJV^D@9#%c1?!W-KBO-RP|q>}Ed2-JB$rySKxxFoPT?(U_Fyg`}+% z6_-q@obQcLgNopQ48q&1I%t`BNW_>jPy?urTK%bx>J5jnk2rrfJKjP~?ALoE%oRm# 
zoX=Znfy1l2iyUAG(}LJc7@UAL$30DBES$@W*r!#nFI>1Cw12_Q2QrSIgrQQB6W*Q& zJKCc4h;HJ^sK?Bj6D3@A7HoRZZruKo;;f_Ln~Eu$DfH# zqo>Hi&*xZ{S$q3GqoYgzL`UB*KV#0zXC?pl=qMI@(M;`2$^VLueiy*_oP{_*3d@w+G1fIMX=7tq8dsY?gY5Q-{ z(M5Xq*Z&qB&G9Tn07OUi{wq2fuOH=G`#Rj*8U=`s0{xASdi%Mmwmenly#7~o^!-nC z6z^Xr)on3FeN-st>yv2RtM3P#lShK(-{|O38EZvogIB|;QsoYK8bC>9-mGgXMna;3 z_mIE(qiDzVCeL|T_4@WCN=b#ctxQxR>yuI(HTs3Ey`e6MUUqM|omnzpr(rhW%ZQ7; z%xL2uDV6#{T*rh(G)Ps;i-OD2TVsY>qaUC-sy+3mIoj~IIm*b!{M|K3yMydcb99UE z;CGja6SW6YL?X}^Ai5Wi<@+BM-}5Xzt6yzA)Z+HhL5$)%>Xh6`O3xWyW< zXm}eu8wS3P!JQrW?|wHgt-pge215*#i0O~iZwy~yac~4ksXAV@aph_NQmQba^%=uH z5v;SDBIKuu|sT}@VsYu0Kluz9Vvoy>dUhDqT98ER3hKbPw_niObvo2M1S|=D( zHTpYnMfq=Y^wBZnJ4OQH3OS%T%InO8$!F}X&zw|(*MpK$W+$O;e^;(+R5*2*D9lI6RR=J7x7tuS( z(;xiqk{uO@XzL8CXV_oPuf>+It5@`eE9sRFvE%a0G9?tYuAAYTP3$vJZged}n-=mI z-!&m{Eo7&SNR-Q)^Rc1;$ zXjLU6ysK4Qzo8K~bm*Zm@7=cK zYW8mSop}~wy9GWdfEUzl-$AQLPG3s|hElanpt-&crLwIty+i4?G~rMgU%N+R$+BGb zaT##1bl{hik6u#5UPNPMJ2Q>|3tSx3bnGt#A0J0J#3WtCRKbWf+%s+3)i})93)Mls zmG8?t8t@-9++D>rR{aiDyllck2BT*0W91~sPxCR}t*REb_woG{iu(t!MbH9o4u3@c zz2crS-*t$7Lpi>?AOrdco=Y%&(T%#6a&z0fb2mrDd>Kn`;Vy<-Zd6%=U~<1tebef| zP%3P1jpl?uL#f1+#m__qhTlEvR{=w*U=$$VhEjd6(p%G2Z@|j7SN)1u8?6rebrwNN zJ2b^!*8XxcdGei{EUrX}ijO%QdlO0}afT(mhp7>`_cXi~#M<#72t&Iblcdv!PeE*~ zW%F4-nS}Y3r+V|SFgYWc(INypQ7PjRt0q~v(*~}$T}^Y8#Jca;)i7<;9CO;y9k8V1 z(NYUf0;9=pIlY>benxuT9IG-)Z4wy#p2U3=w>%511hg!1`+Sb!z-36Nm zA;NFBK_6g!WC8nNA8Uto0VS>LrHI0hFz8z%*8}z0T;^vCsc_)RcBVWJQkNk&wnAxD z?UZ)VcC+c%?@2P+sm9Qw3pmr2Z2xU2mBx0_T_#7R(^0r>;^Xl5C)!VKc|Td|Pz!EY z;*^gchFa>;4i9fFOn#^B_-lN|qI5q$IXxOyiM#{IQS*PuQS7n1xrr5AbL1UM`Mhj1 zo;n8=?}=|l(`U`XNuQk1c>Nmg#Wp%Gr5Se>HqOnr8re!!cB;&?DRCQIJY2m*g^y__HY{Yct`ZDnyEb!BnyA%~JEIjUqaS z#SS-=7)ea^^e|C@V9G&e-EdG-@|0uqD>dm+822mTAog+}l?Z0t5Wl{^OL8Jaa>+RE z$Rx}5QWK{+f233it_F#aNwRk;w+`oqEzTHLK{1YcaV$rRE#mzRUMW_RH;oNBSx(#9 zNqRo#Y5qyuTaF`y-eye)6*yADAj709{nea&UA<~sQn*|dcOS^8947s&&l()w#X3KJ zp!iUY{fz>p-7rTn&7L5!C2xwWvLz3hCZQV}<;ADN>$=_G)>P0ImS^mSGF$$hw^s@)nAtf4jF8hHZ76?5|7yM*7^5qp)_iw{k&2ALLZ!D 
z7vH^;pB<;j8u@Bt8eDA^Ada4i1vW~50H2=6{*pFYo)xo{q3UkwU6CHLO<3VU33qqY zJTboz;Q28tjS`{lye#n8^}IYYTQaVUjXHKBNj?E{yjtw@-iix`m5z?hyH>NVYD{7; z^<6JKRH-Z3Pf@=-Ye8AexxSD{kR&bQ%k&08vrPIJ0!hpwoO1 z$7+^PwaI!&T~*u^Y^eJSjw+FeLB4^bWB-7oFcY2mE&0a0XYZ{ICr{NUZNKT;7ewH8YQ8lcW-6W}! z&vox9KbLSOAzUB%EM;#lTT4S2Ix z6@)S!9!tWR)zN&MIsSAT%h;%CN~BU@)Q_xgY4(yD2pFgyU44Q?LsZMVB1+h}qx?*) z^S*(pWgu`LoI`0b6uo%^SMMyU}O%ld&R?yg!T!Lib+w~Blsw|k4 z+V8S?4Q8>!+wJv`=@Xr;qv$l&w4bIb^(u)ex`3HegxCVqLf5D9f#$;I;^-+yQOo6Y z?gbXZxw#>27zd%$Be4d^Ss;oCGZk^j$rSW*vE}{6Gnp0+ErpDsg3V?{3Sa6w{Pm%3|1%_dg>Bq|xpvSwI@idPl9@>dgUW zo#iAeS50Be!`N4;s7a?SLFDs0h-xVqy-aDu>X&AUN2yb<$*&LUG@^yEg>^Wvj{agO zKNfwq=}=9mYj3lpOaq3{@uNkK4=Nw>s-1NtJ!}5z`` zthFK0FrHLZKCtoxXR>f~N?|~j_3r&3*zKBHa@o-6%{TCcQfTTue~pSG-n+cMv`}Lg4{%|S8 z(9-QTuM(&8a5YhYGWIZ=KP>6qgRRI?O2MU3Y3A^KojwM07qpw5yriJUup>Q7#9=7f zjx3=do?=G*BfBaW`CaJG@5ta{rext5iNd5SMvN{MoaA+|9@<{1ELt(tDYLboU)u`w@KbgNx)ctnpsp zZ^9YPS;ZdBo-JtDgrnndg0`*qhNJi%s zA$}QG8DJQUd2EdmPj1x4Pl9(j)AGyaC*ho)%j!w9rYz35%7uDvRovxIzH}$hrze^p zH3Iwi)6xB_&(W`^4X!2~CQUBZ2Mhb!(ZkHx)l!|RiwZ$4anF#0l1+iXW@o01;R zYU$G8lp;mD+QMWlJ#?jI8iRPBjv6h#K`#gQ$gp2bQjfuvIv-ALjdo%iLi(CO|LfMH z!=cKaGGzUjkxmqU15NIutTG)82Nh#Qhk;cV)WtcZ5+ix`Ozmi+YDPC}*SRPuoHKR} zx|k&CcX4ABnkJpf_5#)Ct`NP>#Tup;7Dp>)+%dIa7?>2$5pc>znCzcf5DFz)G~bl= z7g#i%zXQ%Fa|M{8$scEQjOXXJCN>A-5~gNsiXvJjNYK@z1)G5j6||Y+lE zTpJ8e$xkZk6s~nb*RC zV_91hff4+$o!hH9WANxz6Bm@nnFkk z>qA5Ivmhe6H*F=E)Jxt7<>?U{7^c~p5SG)lu1)roq$Z|c}iyOUATTvujA#o7i->TNUKGJ`CB3mjKsl;8QENG1Y;L$o6$=-;QXV4 z`uLNHm`~p1`vm98!nlH!57m$>OsaHEzub^GNVKr9QfGqU{oo;gH+OpR)V#KJUD6fd zACJyV)1b>Lgy>nqzB!{bAoc1dr<8MioOJEVpIC|9=6$y#y4peo#VkcBb>WI}ni-z( zbsxQ~2GU+;i?Q@Aw)K|CO1^xa@uNc@`?kd%G*m#1K7(zRbOiYmF4Vw^A4A$1KAw<1 zrXC}#__0!v(B%>tO%X zpa_4M(J$uOA>djpp#O-UO6R!-JNylYuzXvruidS|(CH&j&86eli~1BxIn z6_7_yuas<{5b0W#+cqZ2zATF0V$@<=EcO*&*Lt8*)i-;OR>XLM2e6=`s&R9^)Ew3n zNb!AL4QY6uqxGd+4{Q&oi6tpWN3XssXoPcriIr~0R2(_D{4FUc%~rrSRy4JZ>l4F? 
z8k{R0mELWgYv8{}X}dlEx4Btv)x76}c9)(htLpPoB zZ^Q|%`95J3jjmf67d0c|#`+0YP4zp4I#@WR(6Aykqtm3a=YlL^cR*t_C==Ym91DwE zr*^G3bqG7V>AxG!XUwmsDJ7f{h*&lrXW8pm3&9kjF@{fV*r`+q`Z@dkMfm>MLxMD?5v(LBeb&za}luYcIpO{vo*!~3ileZE*W`fOy9 z)1<|O5xNIvmeJ9qb^Rk$bi8mEqE2QA>+QV-zLhh7V$H~ozAAi+IQ?mQ?N)}dwAzrI z=GHU;YgE0LtzdSS`0Op?v>y-?&`E~j)`VPXIs;11j}lYtTtu(PSUtNCG~&5N0)#UN zruVzVoblv%^n1GHS$!yYjQ|m;a`mhCs>*Zqxy!oKb6ZLMEAeQ?BFN zBacrvf34B42J}NJ^a6l2I*wqZ{`=Gguttv`)-tbC9!(J(A|Eu{mYu7U{z*BVO8=&u zl zOa!EyhF922eZ7LrhnB$?Z`f#~P_=o+%F?#rZPU*)6K4|Fnmn$0=(wvaaqEw>xX|J% zHG>>`CMP;!B+x4Gx+U9M5H7e+xDSiW&Ev3%UA_ovY@uy6l%Xdkh$K%{`xXZD)iK7Q z@0cT^*2MMnSQxREqOdcUS}(Pzdy$qa>qi*gWIXEF<}@Hf1hoUA6R)(4Cq4EEEPH zL3-QUMd4*3){$DJc0*Dq304u?e%nf7@pCQY z>LxZ0XtHK5Y-ebbAHT~^G#f)?6=jw#)N*EojMlhCvgQ<1W2#)EyBMf0A0)wA<`^1WkJdH-oFTA?#liU6o1S#!@+<3K;OK7v9F^Dq1CDk?`~gRw z{(z(L=-Qj7^*3+es2U0GZt~M1mVIm&=fk&W#VV?W^+mU!Vx3m8_@JSxI=}SAPiu9w zjC}=jw8g4o#PNvLRH@~+dvYq!62Spt=!KYkA##edd&7A}#^6m_0!jL+QSXz6kYUoH zhmD!KlFNKC7@W8UCClOm;28?wN|v$s@uIMH>Ruq8VAFk86u3ps*2&!X(t7?xokCN< zfgT|0B&dyzFP7khw`$ZIw&sIC^*EzHHhPZwj6r84!%{-JaB(iHk@=B(@QAfZb zZzPokAySaqC$C6*zi0g+EgXz@c*XkJPMUd4V(Li{V~Dmf+DaJsE}xl>N)T(RcC?s; zBjc^&waBm&Pf)_gmr3ZNB0OV7`Di6jzHI=*k*hfOW9lx&7IIA_cn(hS&E2UCZnhx5 zSCvi^hyNVQZ_bPpAz-M}R+QC!ukmiW{n)SWn5D%;&SK|A1e8aTi z<5w3i9vv&2S&PXZ1Pqi%;AH&nXrVn0Z&@e8Y>?~UtTS+t9Un#TAjYc1z5FY$ghj1} zdN8zgmb;)8Z^QwE>pRCKLvZqIlvUjfrpn1cn~<VoSnnTZ*VV_b2)nlgj;?#I7?HfJ7+8|LsBz<5Zny~H z1Nta{kOm4pv%FTJyq1*#_XF;soV1^j>CpQokGhNclf12CCrzn_1 z=_n&WkN#PGdOx$`p0V+tee>S@dep2Q*l%472LJ4#eE9erj4!%5hWTZ{o($Xo;G@9Z zv8b*>-cAfjDpX9*f+fHXX z^>9tEnQA9AdBeZBG%ptre;mN(cva1|DV<^jGEkrlT|Q933wD=u~j{j7kA{b(VJ) zkN$;cR(-mPk&A5@QF(hVBA;cOwFpxug8gd^!;UvSU!OdezmUck=^!K_n&aZ=oM-lB z%Q+z}$bjGVBg4Myy?h6H()NkH8yhirkUa~Y#L(;veuNk$r<5^H>_o=h!Fj4}Zen8} zHUc0>;i5j45>k#G_@HwpC>xtJ-rY`%o8Er#EMYBOiGv(ZCDlmcrEhlpP?e~U68kU| zsx*dkP~YFdD3P&pmf)P%bju-e87n(vLC5F1pd`W;W!4x{^+BIQ_%+SA0`IHWR6fep5G5DRW^qD6b3>$Gl99YR$+6B 
z3QVTy@!N`NdB*L2le_+X6)Ee~jOTvH;id+X*qbvdcAVm_d}4Pd`A_qSP9KE;jf7Zk)b+4c7sQxiL5|De`siY`!HQM10adL#^XO{d96Ql}{Z z>`}SOfz%hAXGSeVmW|fuJyzBbT{+SESTjwsJ#0o2ru~g-UYjV1L5_)SSW4&Txj=RH zs2vHb0m#+>)8%F|g0+6k?eNcpVVaC(_VYs{2FQaMp+0#Ou<`t8#4aW?g6vKs2mT(&5dFX)&a zbn3lIPwoT14byMMAPdl5oCB=B zc15d?4w4fv zb^25^;=ZR4s<~nDPL-S#VFK|seQNSX;YK*ZVX=5GQ`{;K#Z3*tmT!_j+8$}uQ1yqckHpu^+aOL&?m!Q#-+kkWT3sVXvT=luNa#BEu2@?r`;K3VE2 zhqdqZ`43m3M@>6t;1(fS`>|=O1%NsF0bLw#`X6(&q#mX4a!3^&Hxjiqd#4_BT1PX; zPO#G}Z0`{L%^W>n@`@J9Y164yvTM+E?fX)_M(D1`q)m zmp&~}aIkoRuQrFl$GdJn!6Y9W7*t^{m2Ew5WNcm!;t!1AQsNlkyhLl&hL49IilcBr zN?De#Sk>icAZ2;BgjBOC3XbgLiB1slIrpQSgmz^V!0^>P4ET)wqvBxOcak$`?a8Td z4prmf!d(clv(#ao&zJ1{Ga?@t(=S>2bHVeo1m+?}iX%e1a{<_&fdicGpl#T@N*E!n zprnTaaNayK9{xyoDS{dh=#6XGg;xTW7``^;eAnv<$D#S`%?uSb@!Z^07)yeR4x6*; zIv`Rrvf7co{=_I_lYh-o9rUL+bM!g@^J>1|kvSw(yHh%m^p|WeGLFLWn>l*&W{#fc z!}~si2*73s;02mO-N9zla@RnuBR23Kq|*wR0p@7fA9FPKdL8O>3sp@B90G0-cq2rX z_H1tywFC-Yv5jddOME{{*^eQ$ zRylKY!HTdP;N3v_|Iv1C^#9X#CT;vz+d1l9UA|fbw4IA7_+J%+GqJXe!{5l!{C|_9 zZ4sCuV|tuV06AL2sh@RKi6D+)A_u+s=%PXft2!M3kfS+&$WftTJQot;WH)e#Mw>t6 zsD8FOwKq>N8ZCurq#tGV2huL;)^YfV7O>ucVMSkgW~%O_-*+ORB$|~{F1?Ro=lUHHeNfBPsb6#9H$A_I< zip^-UoWMfp5HfN{=j@FfO&9({j)ue50p#d=@HcYQ93V%H^Ot$TD{UAw8#9d{7@l{_o}`WVvzYywwohaa z`TF7J?RDt0wYlZ}+JZy5*@pzZVFTD@1VhD&_vp4V-1BSJ)O1&-eI)h_B(D=j1ZjNw zX5Kf?qkHx+laS#2XrG4UY(o36os+8*<@%y;V868|Qr<20k!xbjZ9F$8WIT#%wi#FR zB_61y&?%vy+8!`B_IcM{bCcGAT}pgX*#_NJPC9lvJWs}>q+A4ZAUZ4KxZBhu`w#ER58#MV8}1Ltf0$4dPQtiW4~W zSSF2ViSg{Th4KPe-f|eJo(yLKRI&P9A{+HMYYs;=nJ|+6jEFt_y8dLevw7bT! 
zv9eVjQ9X&+^cS^l|)bC_Nt>hq8#cLbkqM9I=zW0czO@uFV@>N(r{VJAm2gDG8 zA?;YlcO`~3-zPlg7TsU%NpV+QC{pWmhY%l@k+jwVRTpt?=wOcab-N_aq3H0iIZ%*A z@St!sz^@?RHFG4+oG~aI?8!O&vM9C z75?ALPA`X(f0dnHWT5|}vXkXqLJQc;TiJQU`A^wdTm646JAb~5`OmVG^ux~oS$2L{ z|9>evi!A?^ogqUErF1_ZsCkS3uVLqZaijmEuydCF`A^tM6w3EM3OkSJRR5=8C& zY?GJJ0_zI9>q&`{aC8N~HG9gKq%ePsBv*2qoA;s%@zis&ToF31=`2PPV>%DyrFxc{as^!BeVbLMc9n@%n8wGX*$^MX5*Ib1+E(4#r7tkcJ2B;7 zv}*c7)wN4UzZfjeuqWgTA6VnnO&xqA-|bpPvn&xZd~8Deqm2reDqD*%;zNpdQ=OyG zK6*`vlygO=|DL&CuPAfOL%D11TjkT>lvh_-u63WJd2B8 z|1vW8t+kHL?1Vx}&lh{C9&sJk;zpT+ybYR}u(V}1bpDGf8k5cyLz8CwQJ#~LHynJ< ziD^ZJGP~aG;1`FX#Ut#4TN$unI^{;UB7VuUMRl~%1!>qYc@b0)MOl5&1?hWpoHh%> zPY5n`=YqLOlf6Ii)2o-n7&CSX$WPtlsQTE5DhzQ*Bs1y| zo6NAK;Ky9k_xIk#*p0{L!^CL~ObGLnM$>4^U(qkRekr>I>n9cAPjRmnLeXGIuHDL; zyWf_&=n9{+7^cQQPpo|4q#8k^@eLczDG=gE+dUZkH#Yjz>sHW4Jq2K+&gp%~ z&r4xTbtoYnzYn17P$jPjPC+C=8L2VD9>V2XO&@(U^E)XH__c261$IN)$~NL<&jauC0=vE=H;TIuR(NT(-N z{ET+Y^Gs$8=2?_OPben9AkK)gwaqnl$0{@tBTFJQoBOf5jfGMdsr;*Nnhg0^j9=(l z1?C7o73vo48*)+!VgsTJDrSZR!Wv0(A3IbZd@QB=!dY|uSX}$nno1Ht6ca;^EP_i2 zCsC#&7o&;U>UYZ;K{y<0-g<=-j?-$>H&LNeG9D!K#VhC$%cDPs^H{p|McYSMuNef* z8*hD`6tyAUlxAV~r?;3Fnd|d4 z>``%1pIb%ND!UpuOJwm0dnWI2`v%m+xF^h$5!LkAijI+s^GGwsGwvD$mo7!t40>jakXm z`3-rUvVHP081tFawb@6u0r(bm2HD5;rIoq38p3ni6{nTeyr1$VkYAF|OEMZ*mkIkf z3PlB$z{1X|!7}V8bJy&n7!)oj{9r6E6Uv~%Yacx<;Rn{V$FL*xM+V`e80z%$YG)6w z`I%Ih*wvt{B8iHzw2`u=YFK~qjyiV-OBM&pJXfzP(42uB93FgrSNf1FWQBGojQTNTC=#4azxr-!OY7nCn*T)&=v6WZFj;QଋPz zxo6uM)i}`$?mYRV{tD^;1#(r##Cbt#NH!MIDRj8B$2QCsLR9*<{CKc%$aRNpUgkX3 z5dnyo8cp0hg_nc-7UXB=iWgHkNrcoRmC&f;4=F*y>G40Zv3!qQ*)I2j(H(hh=C;4G zKy}sol7-rK)aho9&NOgWMb1s~{J7x2sXHot>RhD>d+}bQ@i%Hhn-99cc-CL>rZiWA zW~C=lEKF!68Fu3yg>m>fYp%(C@$5q44FY})9N$!b?nsBo=xNKVK|EX)(_>cc{k|A~esv$W>CwFo>i(4SKmNK+$L{Km?s_)xkTwI~?BXw#2 z<~4^`f_q*iXGs%->MJDD)(*<_!$=G zZrUK*T|Ni4YI;}u zpVlZRsN&qetx+=cF=FPfPzLFjY@a@Axm2>S;d%R}Bo)eI17y1+v``-ud9>V73`k|# z5^JhJz8Pc|K^?{zl=C?Qqru?YEbD#2yr_@5VfAKqoOw(Js23?*%C_N6sQmTcQDYH9 zq#-NqHhCAwG&r=u@(8~Qj}r9^gS2|<_q4{x8HH8bAMv 
zoW{3NhnlmPz$|P!C;Q}M2U?r`yxJm6E?pL#{}P{Hq6WKmP*yjq3T+WZrd(LTne>fX zisorC{#Qr9fC&bdoo*Fov))Q&&luj^My3XQFn>UlJi_CY!5YXFAI{UR7)gkU-u`0G za+$N_7~eOS${SZt{z1hk`W~gkHE@sCTiy5mF)=!XGdIZkA8LqI_=2i&#?W`#3kex+ zBP6EJ<#_$5^XAusNeyVKzsthxq*KsKpGHDUJE#jh#sm@^% zJOE3J(odRx$1Bj;s`psOz>i955d4e(y$ke|28gJBLWQA!Brm0g(oi7Ke)ikrfmOr1 z7RMrvkb{^PJj}JFapHZSj3uQlJZWrMmDi^t`LFhK35Qy^9TW^4w3!}4;$QLSFMS~X z6bSkoe>y(@jXxoZ_N33U{X~B(kdthcTTv3DsM!%4=(G#)$YRs*FbIMO9uw-T3I&c; zp!YX^?r8c{bhSGvtYC$wkx+pnjXe59*tYTV@Yt_v&=n4013gi<(UC2}7IR&}-IKJ; z>uDRVc*7IvPR`8zJD+07uhWifcLGbeDQzE;YZ1_RZ4Fj&FK^p@L}y*tf|G_$e8t9nq0ft2m#$E72G=lSHcu3JDG?Rqv%eMoDWQeqj&cg%HkLTFTb!Wf@pENuIA%!AFg zsvhIlS2mZ=!nF4|aT=#j;y5eO0U5++8+B?tX;()4lB{1!gIvzMWm%732%Oyz6HHx9 zYqpPo%8Vl7aWu6j)jZR+d`cST)^tNOKH3w?QsW)f+c}!!l`EECc%@*8r`go@mj<&ueduw2OC19wJy~C9IIQ>tFn7`|o z_uij9Y$=$uAeuJ6HYi@5UO8DV`HHet7z&p~Y{%19El-=pVkq4;y^k**dYS;GbCA!d zNU=+EyL`ODvh}gmB`=hy46NVyZ;CiK`(+ShmeNoQ2N_Y}R+Ek!OGOv#;3;v#c9JPCop4B#*`#nCuE zU!=QSd4#-<44<_0XC6`w@mLPZlq~wBg#4!;3g6N2MeTKqEdvtft>tX|0iaI&dY(eTMSP8>1$gqr+JsiP3OH%(XQWxiY0=Q zS@IQTSp536Y(Ls8i7h^RM4CHH!46N{br><7b;G4ZzL|PEtoEm5`}{4XvG~Mn?ueEz zTW}VtnU84FEYR^}^t4(EbHxsYAAG%UIwB$$g%ru>_>xH=j1G|_E`Np5tJCKv%+faj z^&hVMm$l0(_99HJAq=sWm)U&Yg?lnT1TfHp!Et?-2?nMfmy;9vI30nbK}a`4I-AWe z&L*L`!sqdHxu*`LcOY9wKm0h@(1DNpQlm=kwhK(LldNj!@D7VaWNy%z!nEh4e#9(M z9}h<@n$-!g^4*qbiK|3O!o@MO7FmH@kf?Ib{SkVjZA>2Sr4=8eIfycIxTM28bgv{Jyu5*#Np@CV$ zb79INj(^#zY!1^vpww$x;@xsgS#Afw(bV0oDd!YbWS#R|#04=;D!o@0aKG<2FVZS~pyyH-)bOs0O#Hi!0611-SDQ-52 zmdJDElT`UFS*7IFLX89y+!?0dT5jbKt+#$b6I)i+t;QdNx1xa)_vfCW1G^qHnv$i9 z6@>=3oGYZjXD$WOvDi)AxY|zUPsS4F^3#=JqN=tyakVlcIDj}R2q>f+#nJUMT0QWA zmMpdCXGX)%@TzW9E2OF)%@sC49u-C{JNbjXZNR_L5LP@cT`$cPY_W~NFF(%F zLYIFh$aXNd0sfMntzm=a^rFJqOTp=P=fi9rOS*2vm$aSy3avOMF~98vVNUiZ3gq^m zy;Ho11;o*~qjnjy^=$)3`4q0s6n-yp1BPqm#S&?OTw$#EKtLSzKnKK8Zq;5=MtyTS z(Lo4!-MQI6;wW4Ks+OoiHTuXqMY?%|x>~`Kg1f?t-ul*k_D3A;ZbWV1&_FnT13MAX4<2GR!!syU`%%uaLOz=j()9UH4%mkE zNtaC97KagbK)hS(Q;d}e=`SV|*3%#U=~gogk2Padt)PC|THGOEmY6Ub987@-J3`8C 
zDg|%mXvow*J>c9Qb2Q1;H?O{`;T@^(w`C&M$`@j`W_9-o>r*CQ`7Ti4FDA^if}^V)T66&41O# z!BrwBO>Q9J8aVb$d7SB1H@!<)^QN~56bq}f-p2ld&Fa{cXD)zxf(D?Y`#2jsp_q8F zOFbaXEo0|ag3{FmM6o9p??_WhayEL2I@hZ71~`Az6fiFfI-c3Hqd@Lcf(d(95+s+gh-)sOz%oJ zkgU!qiox|syQ6oG<`_-a6Ph7k8h94DrT30*GlFbh#erGDkt~+3Y-+E^XgHy5X2;G{ zjgu`TdC8ei*CKxvw;6^nqSfoK+43|L_tj)!lOPT>DdviG6F`;gPdAwN%i6Cga+DhE zkrkHj!)17y;sAb&K^cfH?uGQ_gq#>{57*89QAb6eVcOYDV0PB{F4t#BDtmkbD=%WO zS=`6wpCG*7?fq=1i#kOBRVK%<{&}6CydiR2(68q|PnG^|&ix!y<~rT`RkAS~r2K`o zXNn0&-afU@JxR@>8YT}s@Tba0*^~$``hnz~G0jBc>Q5fwaTtHp(FRL5-Cmlk=+$ln zLXv@t&7o82{WuabY!d<4X821H@W6`9K&otZo{T>FF*Gjg+Z-&=b}uSX z>S}VheWRZVr&>nrA!@$E9U+p?dZ2QKQ=4lhC<_V~S!HX=8zD_)V*=I#JBj+r_H(WM zY0@KO<{+0yFUd%FkJM2*)k~(kmDX9(%hCEbJTM8#op=H)D;u$Fkl%(9W@}V%woFVc zj_b-Nj)<>HCH2M&Kfw!r;P?sOup&9UF&=ndJ}f4oMXp|)M#`K(AY){S$T@tmZElFW&n5|1Xq zNxkA%?D&dJO-OxPhVyzqkRfH_)G&9EGhlJOXkR;}yRak}p|KJ3XW73FU=3YPOw6wr zPk*f*RN-(qT}Efb zrzQq6Yff{M8cuBocQW>Z6>}|?r{&S*K*Eemv!hByKHuj6uSB*~$HuH|mArn@?Q}%^ z()b1*V-OMQ0WXv6hs=F+bKOF&V-s37km*bs2$=V;#`E|+&t;D?l)(f8L#+`~5z=9e z^jKC9$6zkXt%SW^_0{{R74LT+cc#eoa0eD&%(*5#G)h1x`00zg?~> z0_4%kh&Oo@VQz}Kw!BjY+pcEA*`$Zyv96}m+e&Vw*39yfs*Ku<;2rbTNn&XelF>z= z)b#TvY%&4fLc>%a{4cxAU+X*Tq%6J_=z*1V?jJ##r3TZUCVaUY4%^qJoTQdD8eW6B z?IO->+}RzE4d3zKO|6z>c$wbpG%E;|Hf-Kbgxu5zwp=5ZPp7eJb4^`Mt>qA`eR(u) z6mZnJiGY%7G({XeYkh2l4Iv;p{5c~c{~VO`nSgQRXOCf{TW)W!khtjc-~+WUdQ}?Y znnrAh?{39Olv`uqru#{5kLUZP7TfAA3J)&OOV`ES?g0sETz@Muwjktn67P#lj|ilM zulMwTJ}TY4IUxGsnfr%N&VFHASb7d%kGh06F9Q~-8Q@Vm;cy7$>{HYNHv}-dgbPkg zb;Rx)B|tQ1KQ20z)o-{$F;pge`XR{cTruJX9R)C>j@k5w|C~voU|$Ipht51R0_REPhO@d_I_p+F0khWJ$7* z?pUYq!n@M4Yvr#OHPpC^^#K4Bddm#Zpe4}ZbKnC<-XtH4xpAt5g{Y^~ncoCbln}dK z;x+vbBp(g|e^e(5(ez)Jnr|O;qJRf+jeL^Vg)R0>elHKKtm=Lia6wCcqYj-`xd6Q1 z0l<%jgSnOBFRt|;c>{NNVRkuzst5Mq6<`mR{*J zm_5Y6Hy;2YtqR|C0OZhcqslgOeqX#Pt%l_ws1>@GASg9UKqU==YT<(>!8Y4q1io#? 
z0z4@S!Yw1WFCKu6eyA($=T!vnf2oC2d0XFm#T4^Wl6$P7bzr6Y)E>YSjD^H~|5N&=^v9dJgdaf7{^7LX~CzyvVne zew{}#GXqxiIDrHJst1O9eg*;sg+=BYEPE$~_&4_(Wl9fmd*Sv?9f7OIz|4|c0Z#wL~)r4F70(Hhl zRfG*QMe2rAOf2qKtbZs{j6W3VXa6^f)O5zvAHQ`$p57UL<-+0H7mKz-FwRo~1232e zV7w#sCS4Kz3%nbg6r0Kq5}|7HX;g4fJ@2cW*FK-P5gylXz=z9ACWLPiX*D`6KUB7Z z0DL)V(~owTtcazg@OJ2r3g*rGOGj#|4d{kpwn(z1;^a;TtuPr+R^R>Rzw^yKF2i@s zxK71;m^)2a37nNx>B#=t{*U>NaPA(J*f65kk`?Tm_*Z3FVBR_@s^Mb4eqJ^hDtWp( z-rhb#_z}2f%upkKMiv#OH0L$_JK*t5+-RLV<)i{q_rmEhnoy-`TjuJIL)y_s7~vxl zRjQ0@aRAi{Ay)dSk&HI3?yQB6@;?SVJ^=$BCxHQvOkU{+jXbt%38=1&yhHCEvqFt5 zM9wMz;Uu`-6CXI=upx)G?Q^)9u~Ak*sH3Rc2t@H6+3w)0{XNCL%Q*Gz10w1RaI*6o zL&`z~sWwS0ndmqBE0EN8devwKhp@y>cYGx32Pl3~0_Fk4_A|vjspHBe5EQEW*4H0b z5Y5d)hJG>kBj37JPaFwtwPJ%*D0N0ZfqXoU^s3NUoroITbGwY+`(AT{o`OWrHunRZ z40Hz*QqGsNyz-dHz*|G(fUR+&;V(lP&|L3uEBubt38$dl7krMZCd_NG%kx=HdCemLYzk@oSjCM=6ph0cxdR^2d!-O&&ObfCh=kGp>BeBi5sWU@xfIWm*#$ebjtMJoL zGs@iNMmx_v;`L`!>B_P40dZ21+vTx*BxtSoG%BKw|BI}RuxVsJ;?(Xi+@ZnP2-QDGsJR3~MqZ$*f8$8Q&8wU8FsN&S?yD(@)E6%z-);BCT%(=<36ZH^AqeDd z>gulqo=+^Nkl_=e`DRmS?|eOCD&3g^92F9+$^b`&fj?k{HTR8NhR=%KBD$@W%v&9& z!#^vJ4!`@=wN2fM6=iG3ej zo{2X;wjZn6A16O}pN@B_Uxt_!6o8wsGc%7^-#3?6LjI30H3k@*qti2-I&Eny z(Dg3*7lW($spXx7+kQAaw=gYI8S37a-3}1K4ekTe|oF$ zkajxyd8>HXlOL{~%>|<&~|a7PMvuWU{n=R zRW_$8G*P|6O@U&+42dunqRcbPH2L~6hxny3W@r{v*KL^-)h^R;+Z|H*}yrN*qed4=U4}!_aQ$3RMB~+bli@)cWVAKI-(Tk2a~C z^KI)Wt-&Qc z><){RB;FkOsgIsn6}+dIA0eBDA$^ev9O$e1F%fr`8O{TP=GX#-E)_~zaX*oM3N?sF zC7^}g`ej`|(UXb9&k7iTtXdyW10Z&8yAoylkTLEb4dURN!Ccv#5!+YSNBwUAa?aHU z(owIsf#_>L|m1@QMbtDi(s@;Lr*$x5C+Hu{yMT-jz&-)Ct@Ln7w z!=0v5cW>9}hs~jz=r!lGA-h!yzqQ0X4`h)AKA-%Hyrs0mdflxojuJG%e2^45P;my| z1Clr@n=cl>o&$gP?Za{KS>|pmeY|ZcL377Elg6Ao1NBjc{a^p9k4CWnS0AO4J{uB- z6G()+!x`0rqXVImScg?zPL?00w8WUFCV^guWpKieYvKaF;>4h1%@{P)tVxz)keYM! 
z6UPMitP#)r(`9i&B7=`31YQo?s+ABSf94)O?9<)Ilzbaw!9z%}S|t=^4}f9s2B&5- zg6ykh3uW%-26tc~B+-INO}}Ikj2rumK>oGj4R}-@zW-y_L^4bC6HT(Ar~Hcy6F z=$5w2L|eO|oiqbnmaG)r+@syuKisi%|M1c6Pki+6Ffri&kB`z{v13D0OcM9eDkEmo!7NbEdEwx1$2+gS+BM=;MN_Ux<+AFMTQYopdF3H{acz(^MTrfUH`$H}V@)pHUj zD3mNSd}sXDh;R!lo}WQK%|1cKYz(<-_kxOU==Iz1KdC*S5On^vowtyEbS01hfPT1^ zX(5!8!)HNb^ot;qNz~fh<7ipK;)-NggmE!C#+-Ms1gMjr2O!ESG6NB%z^LEAuBg6G zjcCSS6u)7_3&?ZwbW1+h7*I6yKE7nKa6(F3$_!f%SKEagTb=1$BLX#BC<{V;itQMx z0`npk|D>7Vs+7W`+EC^e14z||p=|?PgVQ{T!%jG?BacjRVEjGrw9^m~cy^M_ZETZr zXbBV@^y4~d1vD4t&?Qmp1eteX5H6JE;=9K4XV%ZkHDIz*W(v?BXUg>&7tAMRc*EdB z$|koS;c=na&MO;A@G7c#<=U^SwmDK`NISi;;yRuo%}}R!SP1aF3<{lht8?3KH53MO zlb2G$)vGP_)dG$20EApK;JHyM-fpSWWjS<$ywO?Ga+-o)rlU!qX91C6a!! zkXH4Fp5!F!QZH})^HDoCuwf75Fb^tFmzg=`KEFLJ zVZ5hSCIzFqk+*&V+i)nfhvaB@>TR%{GZ0-KG|BfGVf^*Z2;+%$NG*p*GW-kZOF2Gn z)#=5#i|u|{+3Sw@IT3Hi>XT_q|4-k~1&je9_uaaB1GodzNM+&vyLhYx-_=+56L`Mp zCp`)*{QZ|6Es#n3s?$OT52QyoeyH9^#HGj{u5>Z}GS@+;MsOcBXCAMJ$QW51)-c5wtH(SgsfImEsWd^*N?Q1a?b(DvSW~2WSjE9?<~fx&Lm#q&|$@ zqR(_EXD)a6#rV5J$b3Dc1i|JtiCoK#OzaE!!9K{s17c1G zW2(_Mz1mkO3yK-NZ<}RPCf|Xdkfk^0R-1L6r(9+z^0c3hJb@Q4VPRCofgNYDnP16o4o%ikHY+~JlbdCq)De@ zKE)pilt;x%=sxAq&rO(;RVre6wd&ASrJ!LV2;{&eNt=&Nbc4@?K6;w*pY(iJPSYC6 z0Bk-msQsHt`Tmzl5mOnV#at*cpApN9OPj@Bl%DLy2}WO$KQj?jOlTvQ(GBnPc%aCI zYEVI3t;WY0rKtnD;+<7!T?b2j4B@WRCoAsVs5a8MTqG~K1>v3ixdv9ebVh|QngD(e zr0y9@F<ja%91DSDpu26Y6{f-a*JV7Vj zjrn{^{A}$6C)9r7%A|Zr1sejc!B^Z;V z|8Mng5#vRG^SDRtA3XYE`SxFUG^Ipr!UhPBD(6y>m{y|R8ENY9v?8AsW6V75x_%f@ zJC3dorhWG&XSjY5(Pp7mrJMS}*&b45?t6U2oj@8iBJSwWrx($OD)F!(gYhVdh8M@T zE{iE>iKG4;2nC+F0Cbmp))Xg!FL~5@Nr&kml!^P)58Y4S{wOa?OmVo_of93Nr$3Q? 
z?`lLQkJm3X(rxzH+vDT7)tATqy3yn_E&Tg9dVMBpGJX0-NZf>L;5l04aZVB!&vy>W z6Sfs{t7D=n?GqNm>XGG~KVZ{_T@CZnP|bS*i!q^Ed?_?PWEe|(X2nY zWj|OevC^J$uW4>izNGXhX&kyyKsr0p3nYA&)D*|Ol&5f}cJ}W;UUcs73e2Xh2Pc-( zf$r$fhra*1qr^J17_MRn{w_T@cC}5kQl@#r;FHu)Ny~?d}7IScIHl^Fl9uO70R4RktZ2G@BMT~#sA}umIc)#VXQ9~lvDr5 z9p(KWcN740NAtJaq7(BCf$k`=sLbYHAxzZT8yh5AV!HWUNj^2aeji@XLI2%S2BZoz z$%&jB-btM^C}Sm}Fe8v~L9&E0Kd+O)_h#M`t{`2Tpcg(_H5&F+8 zT}tg9gg+=Jg<G-|ggc)*Hj27(mF7 zK08w(ZcZQ|7=%b~=O^S8$G;E{rvr1nacK``hPM(Kr>F=`9pWRB59U4JxJY2+-P{=z z%P0+i+v+NoMrjDni9>@!lFh4Js^EHrOxph^GzDZwKSNV;v<241uox?~`{sS~=&&z# zbk_;MeXRD;9|-^i+twgA;gK|OXfn_4PnvVk+P)ZKG`KMA6LPxCGJh*8_qj45zz~w} z^iz-qrzR^EH9`s@>#)CmR6u#K0J5Vuh-i;&)HQ}MH5Ivkf<@AhL=HEgi+r4OJDXSi z=F8JXQI1Rl;&{<9jFvto*Eg7(f9bmKJbpN1(wwPjdx)s~h#$2Fq<`~?ICE4p^;D~4 zEA=)%&=y`J2`^bX{GLP0o>02HvbeHB|Ad8PfG2+sKUH8L0Qz1lUI%*H3;c3_B7m1d zWdTJL&tAHuF}+nMe>5G9Ef2%gL$)r)!(y;O|1&bhP-40Z_61Uqx32G(P+R=UJ-x9j zFG5pLZ@}1oFG7wE{_BkU7h&R*xDT9^L_pLfvRqF#`>h5ImJha;yfww%e7YdT+N2X? zJ=sxNk@fIO2&FU9ul@)Ve{gMn767}JFy#zqP3WTcR>pLQ&+`d`l|%8X3^903NgtdvJ; z|9P87Ho%`uFH3gCD2JLR4M$)JjJn}!MyW7us9wtJ@a&cbtWX>_(BkF6Q+30(;1KMW z`E^91E+da34<@~NR(l;^#;ZGN&qLGq$9|~}!SOz-Ho}R%V;FW_nl>|8^t`=fHsmxZ zgodc*_wzzfdrv^jVrdj*JCZ$9d8g>`0;5R8J&>(f zxO3rrKN$gC{4W^q&odZsCmjITrSjOnaid>8OIRzi*~g~q2M0KJ3hf$NrI`Zl7xUYC z%ID)yvL0Bfn6i0#x)#I+FB%33ruwx3W;V5szm?5mR=_MBrYr0kwwZB{`xn|Iv!x7y zhAA+EWjC$2*#JyoS^u+4r}c7{5A2!3zWn<4V3v!2qNe}ASVJHfs|plN=cu>&IWJW1 zRx}ilPu@C{{@fpS866!arUeuV;&K`_p1YR@$=h!IEaRIcB1zg9RACeLwE+GKSd|oq zg~+TT76bTXqML-Q|I3+z?;SI+YG#zdyZk6R=LwJ+9iOCdK7eBp^s7W*OEiy33h7o^ zcaAsU*s#AeQsK4={vKCEAr47f9D$3QrkWYQ>eb$>z&QZrgPrIz>s4t4oq95Fok6`a z!edYtvKJI8Gw6R(%X=Y-`wfhV-{P6;-Bf%O(ZpJ10U#Y&$5pG|o#PO>>iI5n^`uAX zy{Dcmug0wFW$ji2Mr(BKc>y|z!#db@KgE^X%&!8K6Xj&csKLnvD4(+8Te%y7awR%U zP`CZVXg+!J0~zw3rMx#5yx0k577x$XK-5&u#xngK={~Np3GyNA$C-0Jqn%~8?zz?& z{&G6wTCF$S`o;GM(XM?SqtOuYb5c#yC{858Z;TC<5do-&#;4AQwYDyu=u?57_)QW~ zg3A~ogK7O!KBv4B3?UM!gGx2-2+{1navjatIO0DGSb;40C?-+m{2lyDo30y@4Lldi 
ze&DatRv0xWJ`#{cl)tgzY)gN1&r(qpr}u2ZmpEUViUW9N3mY8ls-~T&Ry_70));XC zIc^TEMFfOv@#D(a8G3HckPFl9J{;fs(C}(aFqyvg@&{bR==4EKmZs+e6Fr{+EOA7I zrx2S#-ZAi>H{PZk`HEYHPcRbMrAS zR~D@;uC|yzbTLDu<$Ap@K)+|zB!$arTt&sZacU}JQWQPwZTXI=N)^NEbvsuN17Mt8 z5b^9|Vzzn{tbGB2l$mT7wQ%=eeo;4O5p5J%5jS=~b4lqik!I1R-?2_W3fBIJ#0|KE zHWM&=V$U_V*o`^r*|@N$HSk8FIfqehADfh#ob6U$7#Kr z#&zJF#h;9B}P3M{OA^qXorHp1}OM9i?#6?`Jd<#`SCo$m zOS>nU)=SV*;8}bPkLGfK^8fN?2=3HmWo?~hXW=+6C^~f(v6+!ij(&a_1?c91TU>;K zor>{#ot>mcyzTbbJWLJGN(J_=ET`FLmw{qpzW8Jm&>I9EIMh|IWKhSKB@FnU#}&DShwT9sJm}!XYUiPYE_&p zA?LUs;eKz9sMYf{yCyvz73R_=6CWBx^B~itw#a)jV>)bj7uS!BE?gD)@iaTX>ScA3 zqcB}l3dU(F3O^q5g!`chN?GcS|ABZ1#TC!5tZ#^9f!ltAedqs|C@)%m?a2N0%i$vq ztk6NL<9Uek@iRNpD-%XGr=vJ<<}dCk-u z@ywaO^P}HJPgwxCKjgPa4+0W$k6Cp2kt6~kz9U(LkBWgObOz+J-@_ygOA;5(Oj+v( zP2ANuyD&^X+2p^?AeJsGp+L23Hg$2bK3@h@NgG(B4!!RFq1jx~nKIgVv6SxL7E)_p zn$dxJv7ff`xgZ$wC0MYA3RTjbNtUko-MnBC!o$}?f|^0ViNtsHB_Z#emGoGd1*u)% zcEKB~1Qoe$sbK2H%`OBOz5;rt(k=5}GzoIKxR-H$Zwu>LW}{|Ifw%o70(z!PJ+OiS zo~P2_@N2(y8Mg0v&TfXzaQDuaC+9g$r(mA9|9;sd{U z!t#>Q(!h;CW5>nm)8B_qVHCeXB<>Y`E){KfEhPdiV6*h5-bOE5_>GFO6eo2{!n`}oImE>&UA$3Z zJp=^3k7WdFi4?yIW(__M68PDR}EUJKqvHj)4y+yI)8jmEKxsf%Ym%v z**e*Kx+IV^4J4O*Z4Ud`zjFBF>r4zhpbsQXfj0p5uCSH($*^KBtrSZg#DIjUti+#D zf$U(H=p=V9Ngo+7V5BPCWZ}Pm!WL+oO8$E`Is%`GHqD>UR$L50_GxzXYlqvvEwSR0 za+?3H4^MJe`;W5vpF8)TUjRIswjN0BdCN2E&1<(#&K>yy#I<9>C_++$6Ay)#iPVNn`R9K5?%$st9yZ z1JAx2u>pfujA!+~p(mXP+rr_~0b0`kV5uCy{~^$y1>Q+W%jx<};D7VbZn_@j z+UWCe0DJGDc34)hvQR9i#}D0#X`rs^()?Mu!cZ{;-dEouJV9`wsRLqK{-Cd><(;!m z?LNa>y5qyu(!Xk>1vqqHPLjC0UY?V1KTL(uI!WgkJGszEItDrVxpBn;>N#m;)6jH7 z3hV7(?5=}rP95Y`Rr2P#u(y+TJz^#_e+qx)$xec|o4{N7H%xJ{mZ8AjgJL6W<5?J5 z_a76lzC;2j3qDAMK|pQugn(R2Cn6bhLQ`61Z3QQ@Q#}Ol!pbI9%qGeH1y-&c*SqI8 zyy)1{l+0%6w3C0KRXW6A7r3VAorw(m6p!> znwqWWIiKNQh5rgX@22(KH?^7);L}%5Mvm@sCTDx^m_UtPP{7dHWJl?MJd*(*ph`TV zS1-VXedxirmoAWs)uzd(8AIMm^-TFpZJntsOQk7y-ZGfjt>Kf>tcBu(xN_jZH$Rd3 
zIZVOtk@cdoY3y^aUbL&Zq`&iYjkwg&)0z?3nMgkK_KpL1GjHZPxu1(AgVe__Avx&~uxC%uk-KY6`NN7g(r1O`?KG(y1CNR@EF4aa4@WnQji|=PGgR*_vO;n|^z36O#h~JN=0`t%Y>#QMtvltw^NRALX&65bO z#+d!RD5cB)M0$*pR7ZU^REP?xE+9Kp5aN`QYoDpaHuSc>U#A^O4=44ax! z)P`KjJ(km@7ZS5-_;ULpF_BQfq*$t^RYygs6~-wkuOyAtBFEkblt=BPb8hqNFx;gv zmckk>4*rg{U+M&V`e_MX|16x!e0CiXI4c1cDptv9 zt3B~-?B+KKf?U3Eu+FrMqaPDQy@Nsm%A*!QdDMb=S|u!?TR^aKypVlVK{feuHfRr) z7D6a#c|9$@eU@Kiea4HmGv9<)9gj)~((~_8caIQI9(}&QYi6F-PCHhq!=%2Un+3|F zeUNW4i5YcX0e0WB6qLkgtIwUUv~ukN$gwZU^=7#cpDej0!uZ>QI6Oug2DOWk4|;xg z8#9nEGH)~gE#14Ag1eVHgLj5JWml+izv$5cqx*(Lx@v18E~^>30J?)16yUrV@dQ-5z z2&0fn2kQ4jIIwhOuH8uHWpan$|-j7 zeR+R>y4~=3oWJt@A9~a`Maak1$;s>Wjr(H5K)>V3KkIepr9)?}toz;ZRnYw=(1Mzp z+7K9m8wjy1XiceeDofs`L^IpNk2eY9{NbCLw$E%`Y7yJ+xrzl$U8Szh3Ka23%a9>` zCr}c6)*3iz!YsM^RtbkS3~Mm$r0ds^^4o?})Tl>e|A;f_n8O{;Li!F8Us}&p`!Ro;2188D>)&H;fvPx* zNTM_4v*B9phWhvdB;W20NIT5UT)R*r)>a|LL_+rJo+nN4Cd%-2@t^`gh0`4eh9 zF8s+@UWq|Gydek!V*=^(nHfkm3ai@o)$$}TqB%{xkF8mkC;dJ2R0(Yt0;p(bo6`i( zA~pMhpVrqRhOf9HS0Ya}g>@4&j_;YqDKhYv-^@=vcFmH14$e2P+$#7oLcJAXl&Nb+7D!~M@llz63Pbb zD8(#Bz~#!FpSN-gt8p+ic(Bj3@|n;|iiOHrq%Wg$Ra6I*ZpP5X`DT!}(W#je+mw|m zhq``^%PfrvB+o_@Q4vg?^zrq4wUN?36tod!7i^mYZJ9Pu(=Li4Aw43xq@lz3#7B9) z6JKZr)Z6=m{N^H>p>l}NP>-Z!0j^)LF?y9GAeL+3N+HVD;bS|&3erX;0x_s^)^uzh zMwVdO7LbQif%xc73Ldhp-YrkOK$B^Uce!um9s?nWHXQE~^u~0o@)w?jWf3ps-p;`q z+Ssr7FWM|HMJcMv)Yv~*7lxAG=O|SKAENMA>nqorWoAn1OY93e6+r&->hI156sqz{ zw9gT5ro|7dqP@UOBF`U(Bsw`41qIf^mx;{XEedvyi*ml>y211YQlrc%z*~ik$Zntw#dt7NDlF2Vz zBbWd2R3Qrx%P?3j{SilgI_l898$i!b!4ia`bq+O5uC_6}qSz&T?S*dTc4)IY@lNXA z6=WjX-Hd{S&X%1Z_Bt&cT?6@pL9Xv&{Nuf4a;r#!Z|>?I%0rYx@w>@YJ_hI9*LaOf zI`&MQikYp(+mX7#SZFmln&sV^kS@0c2UG}eqc#_u)Esyo`x8YYW*?)nFfDtyAb_`3 zk2}7|fV~w8y*LuMN#U2W)G1KCL&^ijC4?yz@OR69{ODYTxdK5j=I8k?CIxwkyyqE z$7djZA3v8+KySkB%D|n_HAScVKli zQ-GNJ^LoU@sAmec>HJDG5w05#ck)8jFRhMM%z#VjemNr%LQL&|VkZDrs`wL5)X-H6 zg=`%o2LL!E&W&16P@K{e%*zm(p!Y#Z( zb5_=X<#FwOa*MurY?P&@9X#Mcg|qD_)OBXoRjRG9Gl$jX)oh?GhWAPPhKXH}u^pg* 
zC|~>-lbuXKp3*G*^}al-<6+{g`TH5A#+q#J2h#|AH6qTIN72X2#z%jTlM-7O(YTIpi(0w)52LM*}tTwXoV zF3ge>4wyJFWWz3cTqv5mqzkMF3aUYzk4h5un2h^!bU=f&nSWyHVD|Rja4WBR=(+!S z;Iz4Zqv3~;m;TidC6YK<6T=d@VQ6h=D98a+K2d;@4iP-g@ zMcjjE{ev_8n}I9DJJmIMjf=OO8;{w)$o|}kCdfd7w5O#FIkW)ZFY^R<0dq44i5`1{ z`&MbS5__WZx3%NX34_DNTxCcDwYv>I^%R*25#JsLKD>|=7m+oC}t)biYBJ0c;4l#<` zVQGQHPTwz5hVc(?1|DyhvOy|?{5~S+DlOPCxqtb;_*ptb9 z5~R4A`GJ_2HVez*>x3c&=WT3OCZeZ^+al|S zA8_cwE5?9mm5n*~J~-+%bi#xsFoH2^_Qvj0AYopjV=kQ(v))?)(&sQzH>dJ9k#(hT z0wzmxqWxk3m9t%kw`+J2aiU3%jm|oJ<CcJ z`L)UCC4cXV9;JYD{Iud~ttz(5ge>@7o=mG@q_b{1dtGx~Yt84L#Eo>NG=AHcXnb^mf;Y+yJF67*V;A z4h)@J0LA^4~RQ(uTLVe+o0*8@_Y%0_+^K4bQeDw+Xb zEYCEwOAOo-s@rLH+k>%fCo{OqCgVPm(RuFn=yTBywXYtIVI^9VKi>%fEA;A83+TMT z(V>1Ff;}1fO8;QgbyRc7Fa49vj7^EyBT2%Afz0TypFXz+hP;OFA8Ds02fefjdtfFAHQ(FtJRZ*nV`yLg zYOLh1w)|7Bq6dW}5k~SCJA^5ipnj6e#g4f&Z7C*;m{cP#pPVopR>0mPiQUvc`CS;=jV<6}L#bBDD*elsy9W7}+{Ue`JC&Hg?WxWU#~ zxsP6Ne1X|=i_Stgu=6hC%C-JvNX_l<#T4e^m(=hUv3SWJ8btj?ZN3%r+s=Vn93;EQ zv6V$vz{@$maT?Ba-70!Zpu%{T?WpYSL}9YuN)Ufn0Wzd%R@{6ry0-xiJQ8BG6v-~N z9I$_`(WcS8_rX6IQr=I7w5>lg&;WYyKvn($;(%8EA43YfH$aAz^umin`H zYv01Sz8mvSNjddyDgguvO;)24%3`6pVGigh2WA?wC>M)*64F8FXP%ID+(NiWXgWb8 zraEH~NOr6PW~27I0$P60;t}F01d0W5PS~XR?}OWkTseRV)b{C_F(4pL?XtE$PAm`4 zZ(jBdqX8sLQ&H_)%K;fBGat>bqE`JzN<_nzeKM086|j*p=<^^q;1`m zJ&$+@s%F*SJwu&$0?=hx5^HyxED+A-)=;n0DNfioA(hC#mS5&U?e=n(8iW1*QF8qa zc4nuEhekaybd#MVnufdV(;+o!x8^kr*D$X5bVzk)YJ@%=QU!G?$egp1K=tfM37q@z z;@*F~Dj{I6iq3bfyW}o8W`jc^V`5{@#CDUKxJ{*?xV^pf#w{6pP>)UHF`=sfj( zc@=4{8QlV&Q(VYD8wY%+lA+k>0CeIQclX0Wc5q;9L-1qmCZXy9z$BIMrIw7x%|uNt zG!cLF$LP9&Y5kF9S+US)8n6}C-I=#;%WRhy1h2{lJ(VV~L{f_HN8%3>8d6N`wvJlq z%b1zVo> z`wd+MEv!gq%d4LM1lOa`X9Yc{Dsp!;Fl_=Qc&8#A4Q9!WVPKT-kk-ABRMS(MRZQo! 
zW`s_vps7yfppfIROtY?+a2?`E$479mOtR=Y_2_u+W{yC4v&$IA_*1Y!lkBxeqLTka zh-Ij7dgE6*r77X>J}A`pGM}YA)Xk#uz>E}F+5zijbTc9p_Pn;bV=hM0pFZ_TUvt1t z#yDwhU%N9PGJ(~q=AhkG>2Gr!Q-ZV>PE_sgl< z7eDi4j;_04Nj~s+n=_%WMr&R#Ctanw8@vnA4nTa%WKBDBtqoAUMEOEASgELT56f*= z4rW^!Do`CdLpl-M>&MY3;YwW}J2i4Tnc2lXsmZM69;exDROs!xWN~2KFGR4lo*2^m zklc^h>1L>;Ts^u#j3sjr6bX+x!A6CB<6RHW!>ayCkxE}5K3&RNf}RG=WVUe#hvP{Gc62TPC81LTyjppAkk{i^Q;} zsHDi*M9N~>+EIlu_v??B@$NS}i-HLXgjl1Urh;HsP27qFCr$aAB>jttXSvLTVhuC^BrE}R=6wN<>2a5WO*edOZa6C zqs349k^XwYYfB7iRnx^zo~NaYoX8KpS}*^`{YOvV4bMy!bY0(n_95rO~G zN4I&1qNP$soz7?c1i=EJ=w5D4u-K&UAX}pU>zR05-iBcS7DZ~vqs=xL&RCcmL13So z@O8I@Z;Vw(t>sTENm*JJx3Oy}5F{NNNlVQ9t>}C0GxvsbRdPIz|JX>;pF!VgAlo9_ zhyg2$XoED}J1loheJwyu_tw|TcSJzQC4^0t@ORXnj?P9Ofd`c{Mr@;U6D}hA@Im?3 z=i_&*=HNFNJeXlZ*Q&QI>kL=+kxRISj8ei|z=5THi%9LoA29{PB+OKjlnID8N@!Yc z4};4mofYWS43;`%s2nsD1Zjma(N{Tr_de?U`rM?VOp! z^Q6HMzqO+wj0Qw08*-j$R_@DsiGu3yLyfAfqhTg?`+$lI`{3vBh>}A3*GCm(V%juw z?C(#Gi@Vd8PAhbSlLC!_BU;Ng2~=NMry0!L`IO6Me&jh6lmG{RtUK(Yn`GD%C0uT5 z^B3wjcbPTpCylPvC#CVfpzMG`Js_K%RUdX6=iZD(eT-Fp?7=8_TW}hQ$gpzO#wKRY=ymmQ^s1H$bc;>; zJj0GNsSlo1DD=HP9n3;tyI944FRnV0pBJj271EFM`k}jqlF7IGb+AM1_W$h-=evq zt4u21NEawJ{Gpk(rx*94b@7+B1RqqzgW+u5({0ChB&+cKx(?jJPS zSS4qWnC$fD8s&7wCeCndzt`0Ql3qC|t>ZJD+ETXJv{i(A=3ME5;X0&{1UPjIKTMEw zlTGaoltLK^Y6Rjg%Sg%zPQ>yf631KxwNnI;r3#i5qa=MhLzh@q< zLQ@yX5w$7V^*?L5t&s$}K2LbsT|9JXIH^CXF$DmuT0=kXW8KE9pZ}g{>9`5`GDyuV z+CdTbEVHc{zAUR-m+ETPShlu3Q)xZxkxwp%Ab`&=s&K4ST2WmwD=J$-FAFbC<)WS2 ziU`7`g8e8{z^+^mBlWa-YXKm36v=@Y^IbHi88NCk7)+t%yf1x`I{XPtOAAG~QHyke z;Q-8yN)cxCZU=^6M0Q5f-%^Jd+{~Ysu{h%O7r9+6bTrns!d#t?g%O1PgVkgiK+^Ll zj;vu6-Ytt=t56c>hv4j6xqXXw-UK7*0%+Cq`>k2DIN2|+@fIHg{0#}DN?X%Rg`ZaI zOD<-#LAL!=7JMXBB`{8XM)|~oO#yd!l1bM}H@d1tB>25jnq@hR-sNsZIenzZLmtj% z$4w@BbF!8gg1i_cs37Z%AX3imbyd4PZb3}R0g5P@h?}M9RJ^g9-;U($#l!rpoSRNt z`zM&b0vwgXJ-rVVE2OQ{X?1_w2ZTwPcap%nvP1r1nc6WAECF$bEa9b86AvgHxrN7R zY^Xw@AIPyVJ|`DHCC~RACA~uhYiRhnFd9%ucB_&kFej$>^58#L-8K>v`y@RMBHN~w zb~i*d-Pz0i#by(hIZOguU2rUkx!>3#v=o9?Gg+_44G$F7Afc+ESa`afeAuR$a7@sz zZCL4pvc(qhQT 
zPs)o*&1Ty{9)v2#OAZ&t9agO&TU!F>(tZE%)df6w$42ltfjr4M5OpLFdAl>Z0=c6f zH;|fk)-P-{0VcVjLk4!%20#BMP~ot9ly9$0wS#PFHg_%zAosLZ5}K$_oFlKdRtmE0 zI!|G=h5FL(PF)14hEm+BDUai#Y_8P!gDymr(`uNqsrBw^CyM=!_Xm-3$c$dWTZaLV z!YtU@&e4`E8+g(d7`^_uVRqiI5v5r=n~W0p1}<~ZEQlk6JvG-Af>xxcE6aVK=aV2 ztCi&(-uRNqVy54N=T6v^Pz#Y;I}{wPAvFWGfeg%@uAr(ppepPx2JjV%yRn>8oPoRK zkm2qYI>sXb!r=hp@gU+6cotb$J*M)&$9OBHVQ|X8j34E9ahGW_Ow zulF;PZee|{L06+yKQ?Mr+R@zv^%;>ml4n%-c}uSf6j_hi(91J(lXcK2wu#Yq+*uWa+nU0#>$ipqJ7B@_{ng(Dc zHIx)^0v~4&;Kl3T;Mb<0TJH=n_yw1I{_CjN z3lBEk90A3xHB=d^G2PhLk*B74(NVyR@d3&JumNnC&x4*b)xD9 z7QZ^SEQKCemkmPB&UJyA#2$RpK$GjC!KEjU+@c)&=S4n#$mJS9IzPS zg;-SsiN^&P(kZ{X*Kp}cn!%ESljsa>=*cTK4nE5a$qHz0b-G2k=Wxz@lgm6rIqirY zK|eFT7bBO?wj{oxULJyoxX;5pbh;q8T#Va?=i;8b-%frL|1An$s8PwH7XBe^rC5{T z`=22s+u4#s_iT}Hak_E>O^(KSET;aBoYhad5}kCGU9YCQbJ#XrwkkDN-Sy4GWSbZ& z|5UW1R+Fnk0U?#PotUrn5mcL3#Jz5kjK&?FH0z!o5E24EVc>${)hnV%u`qYr zN7>lH^zcE-S{Dmx&bJr%l*wz1dWhF6tv!U0_}jxiUZhl37?-c0bEbU@Y?I+`uY~JY zfQsgD&`P7WF}p@p`&+yFvlF`rPF&r)>ey=ZMrq}1)kf=Jm~{|uTL}Kwe>2DvVDF2v zh;6P8t^oR%PEZ!bMv*h|9#|;%Vi1#Z7A>&%^*MtC_P)SAdtam179!)*!_2e7z}}aB z;Bt3)22up13#NRuExov&;e2A%4>K?3=O!+TJw$oc`0}*2XHL5mEjxSgFkc6NfXiWh zRQ<@0>hOWyV78yK@!ZhDiLzi1iE3v)s#chX6-rhVq zSRDk6;#J%H#O~?PN3Fd=(i-;B0n2dtCvv#6v)=qwr1%wHbY+(h6S0R0bDqT8^&=j* z%d^kim+sz9_+v`qo92Lhdg;|N2ZDRtj;Ogj5zVEReuTQZiOVq-uP8lfGa(KtPgN^i z9f6FyqcWh}H6$QQ)DX5#!aCAD%kJRU!du|1rMSby^e@;6_rViG0!Vn6KyT|Iq4%SM z1gLdeL9g3I@mPJuNTT+2EWsb5iojmb?c!78VJ+~81n|N-3B3CAHfuu7Lsebtf(2_m zomnS;Ak|?}fSbstjV2}9*9+EYnDe9$6eB%G9jmF;D2d3smG)k%8iaP0a|oD4{se^CH^Bd4?Jk4j=o)}cuf{$gKS z++Z|9zPjI#kjNCPKd4a}ONoeEwd!QBT#mTdTd6V+BJJw$v2Co5`%{6q`*wqr-5Yj( zE5?=&?-hKDJ4Gp*c-Bfmb=eo>;7V?nY@Ullfw$OFu;hVMd|U<8kzar7$aDU`b)*h= za}&o5^5fitS4^$~p0)J(EpCx0`&(B5+q=C6_Z_Z;wPix`C9O|Y(#vI_0rSkL@szhf z;5EPG-4+VVU+ilMfPJwjxD(i2=U41l4H41G#DEDr1^sU8!3Ar#e!7&{=RI@T{A321 z<87UI*!^9V!-%w5(5C*^`m*0FM?RnG_;9G(dbCTy?^oqYM|niyjk&`2c3L@Eu=^El z^dKHcftvx!oUKm4X7~pg&>qU=?~$0c^Oz=2e3-TJC>ia6l9TZ{@JZJavz^W273koS z`kKTX4DfpnZgHa|b8%)$ 
zVp2GsZX_L_5*VHU%9s37DhoBI4G#f-QDJLI0@4#{{4PQqlxr(#tHC1x`GS%4>S(Df z%4PCz%MGPOJGmmIh%&$F%FWK59_+IcQ&v$CQYSnw$KqJE&{bwwhU0OY>K&FE>G#hu z+3l@nja&ll(5}SCtbha%Ty-7>gTxQ!$iG+sm{((%=-Co6y2T(d9`mm-QS3Sifd8fO zOQZ1L?)AUI7vLc|CTQgv0cRM>0n}=UkwYa$553)wu<;uJfa|-Y695fU^aFhQpabk& z0u9x^Uj=UlNM1kZejG35kI;Ku@M!&gmS$PZ{lMUL$)@wT$RDY;0o?g_J~7!y;e03s zfb%OIy)lj_n*-=xB7l?pcfRd_WBzRRE{9~R|K$7n7O-1`at@V_ehvjNzUrb4DoI*5 zjPUxxAh=hFv44sLZdxG2H=DczfUlp(@ND^g(I7GA=>}0eI?2265y0H#O*qU{+*-MFK4g}etrWy z!J3>?l=Q@|{Ng(A?bC(=pT%9@E+V}I;vYEftxxx7M7#Y5!!*nVG2oK-YRWFL>!g7< z*b8vm#<634%Z0QSQa`a;{gE%YCoqQUH&|sQ!okMuuJ64TsXO<&hva!@CF&6W1^XAfKH6W{xj2%QFB=cP^8S zJBE@>T~={kf~C5DvG-eiu=7R5m?du`teYAvey@MO+=*3Y!ma;+TV8u zW8>@Z*W1bZE@d3)q2xYhet9hHIQUnWD0hz~SmeDGJ07|vS{3P!n(ZwYwHZ6`9)4QO zd|4g#dHw?5U8#kyDN(*$&Y<5}*fj(Zaq9;RuX*BrwWh<57)eOavtubGP0VCG; zzA(NUZH=4EWBWE*De*+H2G=g;MNS!5uuhh0g!A?Gxuap?>(%b@a|#-Y|F*2x{Y;k-H7_C~ zXgQzMYMeUT`XX(%TfTWsA4cr@&jFc#f`e?rBbi#V%g-;D03NA-0cB4f&doQty0e{h zKtS1Ui&(^?x#uM~kL58%&3Tog424RIU$?`;815nJO7203fYxIq5x?#Q_o4U%telC## zWrFzX<>yEZy&4#=P){#%52hx(bIVZ*E6e6FBBOm9To1?yDo>NkAVxu7&%B_EVVs`f z$wH{_ho=_Sv^k0{>GeT5i$b8)w}<{2_?Rzzh>Umq9@(0cQKgU`*dTM>qX*WM)+W`shf7FN?Y`ylIZ88v2RW~i_IY7~H#Rc}JOh{KnOz@wO18{*We zX!0bik3>mKPR#k$$|As~&!4`^!pzY5!*=|;DqLXjx*(RWBAzdWdZ-<8aV>5If~lmU ztdm&-nr5BDk1x`p_{xJz+i`H3KLIiq3TKRODIT?qX`3ZUX+&jGWydBsj)Xy?x{+vU z$*}~Fs!lnYps7mfmq$=rtG5U(|7$3jotI`-ZrMh1coP?;Pt$L2cGNO$yW!W#B-)q) z=ZIW$@X>r%@+Xxp^M52!Qs?c`17I&}_jeTrgd>DsVI~OmJM@QrPkWR%b^m{clvo^d zA-%=_g_QSzkP@vp0Q0Zx^?iy+UD~iOAVn7M7O~NOBx~a6fiLApT0$Y|-c2#l()WDB zCZdPnVfc#INLp$1N+dmR7GL4&>q+P2N+Ml>2b|xhbkOv=SaiB`^GjP-Q}Yk@xQ^n? 
z>aN^_z{ng``D9Kf$Vhz=+KfZm}Wxz>cgy zUxH+mzDV(2SWPzw+U=(-Q&=iKUU<^)&NIbL^aU@gc(q5(V%@| zsR|v&D|ie-#-UD*8^uXf^WqFuk;8<9ny|eSE$#ZDW6LuU9&vMvzRn^J$SDb1#A>#Z zuNkTBO6Qwn`XTCJQWBy4aEa?rY2 zk?$W}EQP}ZLkj#90`0=!9LaI2lY+|$wnFK#3tWRtGcSZvBv=oZaX_hetlJfo)bzSl zO&T9E7Wu|v1lfA*o4Xa+x+!d5xx&V*G7UUSGQrPwajgI7?8-Z-Rw3!tQLj*;ZA8c$ zV9V^ls|J6lz|ftmfH%rt?kv2z@xZUH3t|BG?Qf&RwR;u!OnM-l1D;=Z)x3HbgEti8AqP8AYLneM1MOwGZ<|vC`bA>jjW4Coq@x4 zyr=`^)SH`C6J1C4uc|E4&uzTS$n8pHV|zst(U>7?N`3c1y!Mx_t7A~D$-u?5)HNkM~ z6ekaxEO#j3eVl?Zk|c5lysAIzTdKxhn3%y&h6|Ua&{5IcQN|Toh_@_VimSG{gb zyT5#pi2I*vsM-nqm!O#^ya7g?54As{l zXGvvHY97CJw!orm_dX01I)^v*|d~IKCfJw)V$7uNap11*OFH9h##kB zX@0*J;c5T`8E`M<Q*{{vkcyk6O_Wj-kbV&`?lVeEsd7R1`~ z3bC3nE-gOlaGg65Okc##Q|4+@5J;p_u=PhKR4AHU^ssjP<=&_(|5cF{0;r7VUNHAE zB%HG?N>}G`kF?&|$ktepvl<4A+UO^Q*ncVIZ4jEA4Bz4*B=_K$3^3B#ZdR}N5P7^@ z*AKtJpxS7%2_KlV zYIQ-3OU739bd0ysUC){T(bv|o1e$i@O6*Sk;B4@k=2!J*#b5sq+)H(r*DHbIRtlQ= zeztbA>i%CZw*<|_PTi+~NHkLUMFi^{+nwkB8gWSNPJ`8{ALW=Fg8QCV@!Wh!XL)11 zT7x-uJ=K1+Oq!fZaWFr@Z!Y$6#+}Cf=XVuho=cScU)-zC^DpkT9pXTX&5ky8u&WB4 zuGj`NKy5xm_80du&_be-m8YM29J2^h+<*0&8sA_0=@RfQ(_JSrk_}Ag4hs^Nmzv?2 zw8;Z)qDmg5JZ9-yTV^t7(&P0cZ{r+@B6_`Lx_o6=GRCCcf&MrL23)cnZcG6_5*9v- ztfd4*qG^)j4XXe1+1Sl`^e3Zm%6RQt93^da{!Y8hnmr1yxEW+lE_Z>H-b&2$fn(r_ zBQX9D8vj|Lk zSddndjd0DPe+@!JQ5#x$)*5$+vD6lrP9tOy);X4~V$a*k)SSYkuE4bXRV$sskl}-+ zfh-1@+-T=GA3e>V^vwql+8~9mss-EeD~AG^6C6`Zr%G_$ih4Jbq+jhNIs*Tm!J$2zOqqwDf-Ot7U| z+*seTxAtJLk91vZDgpZX8t&K(tsUD0f{rBy#PIz}Z9H)`zW3T=-6S-+mjfnO;ydu$& z(F5f!Ht1>P^niTm@qN7F0it9#`UCH`VF~pMS~6-$xhuPna-CT?L!!}g1?gcVIl_ba zgsfa{yJ!o7$ew9*vmXC4$jvp!SE(jY zCb3R+{2S5jP0hDwGp>^K!Da!0F1$<^=M9+Uu@w!>4aFL>pp47Q#eUV5!UH4iG_!~%YC zO#aSF)U)Im|4|gGzQXy}_ZkoT{F~6}pR`|BxusxpOM~xOW+XWVR!uBZv<&bGtCrXu zx2}<{)iScDs`afa{qwyfX%c2yh5!0qfi^5oZs}Ctm&_zN6m3*^qXrTtT{iQvkg9UA z9J3u_eo7kWB$9C)ajFuj#XeW5fOse4`2VKBA8HaVtW2b9bx7)%MYE4pbXY@?qv}a{>vl zEc|f&S@2sU@a%VpQ?>&mZDhsy!5oF_rEA@VCEbBhZC_u7jisp%tV;Z4Db@cabhG0F 
zp39~c4wWjsf$29MnV`^&HB;(|KjoN}JSyc!*L7GrtOvn>4=-UDqlQZ}5goW()mYl5*ic$GDzIsVsZIJEs_Ba3ZB=+Nk~E~HK;n97GHqS94MOzFwj&OE zqqJ7W6RDxI0K%8`^wn%uBFQa4_!3YH22vOTf*IC;Ol#4ud^6_R*VRV`&Bc=w!CO+b#p%E2zD=B$*q z801842_x8Wp9sQ;biT5%R3&xXznj78$(vf8J|Y1-r|?03eqzbH9+-}4T$^+WmiCly zyS|jSp5E+G_y|e;Nkk;HOhmdNvL$j5azbbkiP5rg zq-fVxmUt=wVP$%eRE2{(2-J98K+{C4v3R*Vz3jOy!~a?S%CiI@z8=R^dGD|0Lg2I4 zJISs`sJ>z4r0E@eB`C=V3}cg=^;I|8IS{PNkF`FGO?>vr86|a9u_nBR=pQ__F&N0T ztK^#Zo&c@R!3u!h29wf%2bz zc%){VvB8vv2=6#U29&uD+JqFBi* zy7p)XdTqY@h2OqtdyjwYv=!ZqBE+>3<&c7@0$JABCrLuJmbiwXsQ$Pc(j<3y-lT~G zrcHUj((cp&om&3k!P>MdMxjx54W7wCLeIDo{oCrz&_@Lfctx1rfo@=dA!EjqcD8GAURWz{3WUW|nnH_U z9q5l@vzBsq%GgxKjr*j#PGsJ79t0dHbl}^s7OLDFMV@83r*wtkW}Or?);8|pc2jq> zX5s8u=;y%JZ znKOj1nnJ=rm^*#w3W%Gjt2-n(Z<}<}?l6^vrryiK!T`&>7J8Mch60}|Si!v=URXfJ z7u0LiCdXy^A3LVIuEW3Q@}LF)lRnmF{`z)XrTvD}y>vuNX4d6sNmSiekbt0Or6I~w?WR^vdLKoT_bV0KDC$QN2Y4HGUg zWg)8xk!>pBMwLX>P)%(Np+0WmK1hvU7pSTHeQjoI$jV&f7pp{>l9+GXF*q_Fc=Pej$ z0zxYDd!YrA&=()W!v^eS=OKEf-U4oZEFU=xlUY8Ph7B+k2zhSa2{R79No2Prn6J!> zJz8DBx#6YCKtQl{00&k&xO1dVZ%HnNxEjZ;xVpoJ4_PIBXkRjehTR%ZDzJ)Gpgz|O z#R(|NEdgl4Z94L&KlHO>$QH~{|20U3MO0y@M?+}gn`X6v8maD*6TJIIt?@LGgN7ol z9ibKEk%z$flHm(#^yxA(Ydsnb4ynE{q!0k_~6ITGqb@NfXFd4O7>4w4Fxo&GGL|8cBk0Zn!A z@}fXNM0{`(X+{WvC5dHfa5twpmxA7_Bo!z2cTQ?fZ2-pA{7;O^0(|8Oho6*Lda(NV zLc{3~dZ7-iwpJK0W$de}HbB>*0S|JeEmUto=m^WGZ4=->h+?E8ElcpzDAoj_()7+`s3((X(?#)&)>hWT-o z3?+X^iZfZX%A439(r2(_?`(Wk(z0k`>W zgz2yW#WD8?sp-I15wDUX-EyCe@l(UDo|gDk{7np6 zyeuW<+D3{3h{|Q&?@6^~bhz@WX6vAZw;LK#_0udh$oID+4hoVe5C_i3|X5b7&1RuH-Do(?kP9_>*x(0 zU*=4#iUEE;v9OfzP=%2M(4#2FXV|i@mKCq|UI)zErq`fd5IS~wMBN#4V~t2J)n?u( zjB(iUvK@a=2FmoB9LsDE`&LS{2?Ay&y>eM7E|WK(VW8T?dCurl@#Rz$)^v{7ho71J zvb{u5BLtW6x#sP~BpKFN!Cxo8cM%^4N>se67%Cq=@<7v)HS6G8%bf=Gt}l;j9lCJe zyvpmvH)Vac-%&v@)DkY3vNDehhqqqX?!&KNZr;J4tM;~O9D=`eoWQek7xru@;%=7j zd*hY09|b6eGHbP?ya$$%b;EgqmBG!biVPsUk=_Wr%~92^ARczM1IuA`;u-z38jhIj zF}x#bL$j0%m@sTHdG_Q?EYmU}VoIPa8LmjCs6vtU&Y`XpIGtB-Vd%%YICg&gfawM< zn=_@ojR&_vd2~xxuIqybPAD8+z|IIhl_%I{?TP5qQ>K;eN=#VK{(9Z 
zfo!{NBTX9(44~Yrnj-MjPqGw>Wz$3wor6r%dN#8Db|`LYspT1&@$Ktz^q;gCE!9>1 zHWmF0;Z&{Hyo6II%}n-V)Y*!+)kkM#0fQdTp zL21g5$Y`Y~OEA}wTNzHRwJ0;e~b~WCnlT9KKHem}9 zY#_)q3Uuv7Cd3`Cf*< z)EJYkYGn9CbU8=Kr3+71HH733&JJW)dM3fMmU~LA>gp1;N9ldr(=+6)@fNAD*;I2) z;i%*!*HUR%Sxbm8Dk~i*L8lzDh<11p$x56xciJ3@0-pje7CqcE2_50yaE`GRLl4*8 z==c>s+~oVNsB=l1Z1;QewtB@JD9X<#b^+nZXFgx-ns8%X88>gtHY6Sa$?h=^`}8J* zl&IGjdt=TtM6z?sg@tCc6k3P-BPqC|A&DyNdIsY}@PKwnx>k**1Ka z=;%Yv9P38?b|O_An0|w&@#PkBF#^3=)-fx(z0{mcOmHu4SnLZ=0y+zg_fSiAZLJA| zFFLKM>#Y6fm;sNe9VAQXb*Au#+vV3uBymVg(tw15VL^&5Go?jdauHsbVZ)Y+srDHV z);&S?3{;QL=_#a)5zu}pUg(zf;|P+)BQczPC7v+YOXdI+4}p|5;noR09F9D3yBJ;z zgSIHfz(wS`eUeQS-p~z+LmI7|jKS zbnyoV<%@?q`(|=Hy+zvl-hkypO5%GohCKo;k>A|Fa!)=*8W1FrvPkjp={U@qeJ2tp z1s5fH*%7)`kQ6{n0zwr%^vQQn$)EA3J$#DWxvL%Hg_OT=e=f`pq__ttPJp5$I2)Z8 z763T$!t&91pd&E3-P7j&HJtwHPJoS5=*fi4A=mgMj7LNXMhIC*cjjXZ@&lvDsqai7 zBspU90K?DC{lGZohedyAW1&tn!#F8%FxO^U6D>RzBRCJm}+7=!_ z+p=y7`)c0Q9`wEYt8>{Mgngm^+2+BIezv{(f&5kVm+Jy-qPcqqu@oQdN7lQfLW>Sd zayJ?a10Y=uvDI}vM@|BhWn2VhD7R36~jXajgAUZVefwg%>#k$ad5 z;YVj)**m{da&mrkRAA$%WC57oLf`pdO)r zW&*Az;B^IE2tV@gW;=4szgL&x?6^*B#^%>QAMEOpWnMp9=uEnD?ruhXh1=b5I6;pFusHv52*X^*YehWtT!nR|ix4h41G;Ltav`Gfm;`|C5uMmGE) z|F=M~FviI1Dz{zR3EI{!SNZW4R9vqB?g)|qU-&#xbpk9vaw8PU+6& zU?byeQX;A`6w12a3v)mddzd^WcS0f~u4E6Y`2 zSAyw|f_7&lX;#T2hakH0C4f=$1)(RY<8gb^6_Fm1FXJj^%dvxqF}#)3+m&&|J9OCo z8pAgo`I2=`X5HQrZ&0^zz^Jks$2HmpJi1SjPmLV1-Y;0`bhF=U^<6cHx9!*9fOUjt zbWa=wV!bY9!AZ6y{{hBD%4?G(!)Vt+01l*oid$KM4 zmr0hvN7|+qL$u~UMu41z5qwf>%PeF|T`$*!U8H-?H>=0zZuji{{Ej_kU|hkE8Vu&g zPKEpF(e~++h=QHexNLMc&*#;}Z4X~&m#-s8K&ThBUAD)PRe7rhR#2BL%ol_#PHQ>?|5iP^X}tDMj6QTO=8L#iYg>E%K&*t(-qXzDSL6bms9(jQxN z(1|`O$;98oiE-*4FEZWTG4v|z5Rodx@oP}qm3!#Z#5Wsj>G5e6W$g|?e1fdji-`y>hoS7nQ)0!w zr!8}w-|yl+-?B%VfW3*n2Xi*P<7xF}mw6jj`*{yTvt8q9NDCbL&f(M_+}eJ7vd@AKdkTzM2mdwl+A*!I0U;{SZU2(^0R<{(uO@Vf(@DRXeonbefx z>!sb1uZqhegRXGM>p{{`@oF~K$<$xvhfTKmI>hopqTf6J;B)voE!kA+qk;SS(5jvX zM;|zSaW25!Oj3b@%3s<+`pL&ASSm%M*#iX>i%%4HWV%NpNld_cuTZHKilY2Q4QxIE 
zsb)Mh9`%ucDqSD{lt_h9IS9*C7g#!Sp?}sl%;J)xroL53U9^>89Xb2( zz#9rnA>E9)kJf3noS45TGO=^Zhg^%X0+`?xBwyK`U!C=$wI%r6;0a%wYc(zma%k86 zvYfCG=kN`j(C(5C0~2^LzgzK=-0*Kp0zBwd`{S&5;({3=#p;*uJO_s!uDh#-0g*%+ z;C15qncw#z=5$PbWMmuQd~6{0aDC2Ty&r#NdO6=B-i_4!TOjW1=wqYe7d!uKg0EMO zdWH7G3V(DDg{{xc#lgWr#rLj~Rir2u3}rRBC8bW0{7NrjCAhlbtMAGS?gi&AgtMys(m1wfDv6A*jV(t_$pHQ{E+cxUH6(1nT$xm>0_W4$%Q6mGYpdsrSEz zB&h+;2pQ0je6!>&G5yhg3TQ|UxA`zA``X&;&pQp>Pb&r{LlBf_D3^!R_1mrXU!gVS zR4PMrkWT}Oke269W(J}$i)UXdnD!SjV+rhr1$#>l?Z$TK1q-jZtah!xqzf-z0QE?- zDvO&?J#Xy*%yxRJvgbw}uy;17VlTMBs(d>K3f!FPJEBz#C|q#X{3r5q2i3tXN6$m= z)J?jxddRC~FLU9fnXocuiut}p26WRH*t$`6t@{u82C>pq_Y%0;vpO8>P_6$v9?2Wp z7!PnYaNVJk3WiaEVLwm_4w1X8U3k6Wd{__3j-cO-+x_Ci{8XxWWSdyY119?GBWMB+4o7)~;=1a^R_8yF#nXip5j7fY{f6QBNcylag+N;)@1@(EEoH zP+ac+7me)94-2n@$^DB)AgI*O0*L>wXhdMibGJ_2PepmnJhmUKQTx{=A199B$}2D@ zijA8WuJV3f)GvJT_z@Sl7TX8gy38U_LTMt3w;k?R#&Jk9CGD{9)U7L+Y=_9^KlouG z`cNII&kp+OhhJCcbJ|79kF)IqJ)4)_)FiQ;0qkAl3bY?*$uBRhS|{oe^ORRm9p!KC zQbq*3FL_#B7h8FF)Pbg<-e*UL7+6X)+miBPVsEdkrGBPv;1pTztSY>9aoJ(FUTKvk~J zWIoO1=RbZC(4rZ*%d=0@*z^Iph%zY%04Nmr*!lzdVhB+N4f$Nw|E66Yp2JqS^jQ|( zsA$wspmI^16@|+Ww(FpiECX1}vX=lp2R!aGA$@5wynw;)a}%>oot;G;MR6d#DL8J5 zx)isokIHRs6%vakXm%SSS5K2L-bbi8Pn$DV&DN*VZaMMgtl-nSh-($tw5>oheMd=` zAn8CL)1m|{tjf4I*y2EKidIKd615eTrHo03xGe#r^5Ws$lTLrCjQ}u#dU2bCwKiIP z1Fr)Xh618+IABj!-PjWckNv)UD{l2S6cY_6`BhQ-DTAVU9mVvi!P7n5hs6(@=Z_T^ zY8em&ihfeJH24zr8gw*AHKG1R`*D@|>2&fvG4@iCz!qlJu>fTv`zURnn6 znYp_1261(ocqLkiW=_TE@A)(j4}Zdyf$v;<@D56d5>^aCen6pkn>l1z8kOId(Am^I zV}nw%XJJ|Ahwci$_Y;`{|ZGE@yk%eNPaX8E_W5jeCGL1egH(w+Tl|yAPMXS$_QEMnEC_Xhlb#X%I5lty zJ;zt|AG{uyQ_`VlTneGQs1_%yD-&4iIEBsw$qzF%*?ZtN9}DBx6+-;!vCkTH~^ zJC@005Ppa~VG9`y_DsNpzuwK2=w?1if0Bel-YV@RjxIAVo zUxn7te6|keNem{Fc^;fIJl-Jf{5Dt=Mv|KNK?EK%0Pz@=eFGKnApCA^@QlE{-&uFw z*=5zu(Vgd0?m2YUMc|}ooBl#{6QXn>sNh0?ss6MZ>jYZs$UD#ug1cyVxc3%H`O^a=a}*40~8H*eMl?grpUW<@l4Hest& z??QAK1?0Ba^~J`A*;9L5NJjmVn|L^&a7jtHJzmH;tM+MDkBjE}3RIO67~j8H2bkId zO(b_(%yC{zS{O#9xnp$Y?frX^73P~VkIM~;sBY3jITaa?Eti`OyfS(Ie<0{Lum`JP 
z?G(#`IYO05M%c$IR*q`t7|*mzy#}5xe2TvJjeYY2>J{xl?C7?<4=UYf5+aK`kPU)1 z2yEluw{)t_517*G80`=a15fl)n$X=R>`4A?YM4CzZ0W2Hnp@URFs`dECi^q2OHgMN z=R@Bx-;VpDUGXe~OI~BQ&@=xBleXWF7vti`6ui|jXw?bYviUjgR5Srhdd+05h%_eC zjzz4#yHWS2E{=Rtb()dCfzevBq?ievJx)*c*w&o2B)W={hPoQ_PI7w1`nK!y5va)5 z{{o{k`;ixdZ9rh8vP+JBk9x6#G;Ku-;+k4c>C-)iLUnAY)};=S^5Pq%#!_?86+0c( z)c&T)&s`gXhAB1cEqr&6HlYgPGwQagz_13dNt}RMRViLuH z>X3k?K$z@4QrhVX8yGe8>DbrL7Og{wfF9X<@|vTu+q`w=dfhc1_qHKAYm*5ewuW>(EE^k0fqLhel2A#Q)+VH>rN~ZxI-1)~?*}ok`xUDFYzk&sBu9SSIPAIWGzU<>x=Ws@S9Z@cS8OOTLJ+?qh$+&1TE}UsbesFM1q1(fp@y zwi8el%`p6}iXsdUT;6fXQfcZWh~dBv~z%~<|99$x8%csqS|i5jEZ# zh>6}lDCD4*{@J3~ACGGx)0bqb%o}reB!f~;PK6|l{>QR44yHCU!baUIddXw((j2}C zB}ngUh%Jq1zk1$I(9fdNkG4DNTzO12zGcqGDR=(#bg_!A|C-`c#zh*i+~}U`a3LUi zubxW)OcIk{B6pJ2R=8fhn93dv*J8?$0^J}sJIHpSvV5 z;|0XM!@^K9>p!aF+Uhua-uvuTeww|*Q$$6nmn$>Y;j-OiO@ELDpfy=8Xp#QkEfEqI zEjWci3cfMo3Dn*@Q+$4gR4#R>kEEqWu$jza-!=6~6rd%-VyMo5n+BN9AjG(r%emDyW~YEVWSo2u&Q>( zuYPbxgp6N}gZT-#C<6=Ok48^7t0UN_;j(<1@OIt7Bg2IHQwtiVexPCb1*`S7osEv2 z5OfGr^6$sUysUO^A)f?eZ-`DHOE7aZy+uEsR&rLEop}V+Y+6B&-{_D<5w}QQ5QWHx zVo7XVaEd=&>5ggUs3Tb~{a!qzu^&S*dJV_Q#tVTO@tkYV9Os}0`2MiC&EjkDJdAM4 z=pNR*VKi;c|H&8*UwFyTs)T<(5LS=4cXDNS{+zz;Pn8~q@vVP!vA3Wbef!M@sEI5% zmdpjKj^196b)(tB{;ZTMX*%a>ZB+JR@Uon`=vIbNTI>l2J)Nag`|np9j#l(+Z}i(c zYBUTBuQ5f$SA}WBN8niAdl0YFVn@?~a!8=4#?*$+Vy@zfjvcX(n0#OQp!Au$C`Wb$ zx^Hwc!;aTT3;p7M+;W+)#u+2nn(2n&$w%6D-vAE+yYL1)90U zJo+V{EL47+!~gMqYQOM?gHb4(qrsT&!AQMIl#*N@Ro}9-`jb07{S>jDTuS}Pwx-l| zlu{d2b5BdryioJlI$@L?VRx~bfq*OwiXN5yN7i>x1gf^y8;tNt8W?Uuj zFY|S%WC38lR?zfz;-AWU*#0qJ!U$L6~u}xCJG$ZNVe6QK4hfo@X?Nd)f2hQ z`#GMpxgo}RykSvcH4*Rg*buM|s`CD5{T4K6OL`)cT0fj38b_ICC$lE*)P7@H+fO@o-BT-dVzWp0k84VG zlvw9w^X8Qy7`Z;-XSX0HKFLjr->q3NjZOHkomWz!9LngR^UK(*S(Eg+32XY;-nRZV z+2QYmH9qtXPiO5j!z&?Ql0w?b*j(G%h$|0U)`Fr{)Y_gJlsU|0(~OxW67)wImKb(M zMt_yB>3K|IKb-?VJQVpmA?mt4eimT%OFmW-XOgs4{J4=Yux@|bF7vd_>IXF+->HRF zv0EGe0_ybdsZ358EC)h&obLJoI9)YCCf}+%kwz2%kU|&86I6*f!yH z$quNI)gd+k)73{*6q6QC(hr%Z7rn@Dha_q96NYmk|nN&Md?-tmbDWAdLTOAMuYhZrmk<^yIAgUa% 
zcs+{|4*_LY^FH=}%!d5-qc@-hMwc0xD&oy-w>LQtb-I>SzFQ|hK(jP9DrG>Ov7`eI z=)2KagFMn4+0eC=5-Mt+w1_xrmfrd)i!hvApp;~eV8a{cP*95rN-a7Lw_>0K-5Qf# zbhpd~E?nl4{gCZNhJ?O6eHyUslhMQBq60!GAbuh#Lv<| zQG?Kuc6i~@7#s6!CUV*e>thatBlx2R^R^8_jZpZN7QZZYW%2Fm&7w)`DXir)=_dzY z5gWjL^v@|ljp^jU(HeFJ^McstxhW~vQ<}>u57nyaF&N4c0faA_we-U%^$ELMy;Pq{ zw?WHWbR9aW(!|mx9Ox&66yk4n;6sMwiyG#a!a2)u2{b&U3Bz-SchV+zgPHF~<+;=T z0wk*WB8{i-DGKX@orv>qQ|uTi%Y;y`;G=jvJ)bw=vgv7sp5T^plMt^NclET={ukVJ z_H!xjedJ)p%tYITgoh9_us(pOXTx|>V`YES8@$Qt!3C8$K>-5V82If9UY6bX$Ro?& zY8e#$uD{wM5tfQ33AP4{vuX9o9JRv;nU0i%rDu=21BX1%~O zRJGd1*><~fn`RHg?51To2KUs>SkKo=yn;@N_8QBmg!>3kmq|3#yiQY0haMjYGJd}E zJapkSFwumdp{NIoir1UvnM+nT8k0HM9^fxQ$GFR~6{o8H4>D;@<#$z+e*J461rQ!e zax~3E{ncqJ@}D4v?~y5&IgMsStojR9FAm4TnQ4%!Hs!&uIjHK~hwhQBGqF;b*Q&FX6TxSYb4(1-g0`qn;UAZ?q$xttFbXZg{txUDz+j)#c0))an?qM zpyeN6Wk|S|#_t?&4@L;aF7S>TrpHkya(uYL&4)|aR9((+mTTJ$C0_u;W)0_i5ov>j zh)74An*3S3Z$CrG*T|&RnA>>jMAA%&cjt~c+e~RaMc`mFKm-k1)M69#HrZ~K!_Ob%XHtICg)*-qBYOe5x*W2N1;4s zc51xuB3}J)B)M;alIxJN-Yy@b!C=Q=n6G#8c^Hc%AffAJZ33MBronR`I{$j{K+I(%ttGD)0t8V`+*HaGK{VtTB$9=@S)7{~{Me|T(cy6bo znCOPWw2NOfT~O0;0)zO+>FLW_OHWs+S0|q9R&Ao%`F`qI7QS8A1x)map>EcoVz zGsp+qQSN<}gz1px&-3;Hs&U?(vH8XLbYa7{cR}sC2G&$ODEw8?abG*{4i;+1cVPJ< zmb$Q3e`A=CQe}Y=^7X^2lsCctkQC%`Z5;y zbZtgJLazD2sGSlpI_%m*Jr0mMQ^@UrQ6hGEwb%eS{zOG8EKA?h`W z;dwNIiRsJY$_XWo3Q?^oSJN`fK^RfRh)$G?yPXXk2#M1$zGigE{@QvpUDOWc7)0hx zUPDH2BOM{yjv;Kc)(iAKqZ%q}9_S{$>oP5ri;ME5CM}6uCc%;E6OQH}W}~8yjW(k` zxp>;;HeI?iRd!4>TP`L+^5CVAeIR;fVrVK(Ez2i$s{kC(>=I>RAZkl1Q@= zC9)0D8{jv&JJI{g>gNdyh>t6A(T;@_M#^n(exHmjNGgCDnOfFxcaVzC zYcousOvC$yH2LekPKC)ya;{$FF*1;vf1kH1&=h`$(GBx6Q1D6kTdUcbc?1AGCX26F znNE+(0b~m&h{8>-`x|iPyQ>KDx(&~qr=Q)uXn%HA#JQWeywrEj>v{Gl)mE+4=(~l& zudlG_;yr6^gQHf-&BiNMEo1qaq_0WDt#o>Fe;>NqNrvUz!Np#2!^j|t4f30qG*&lv z#M$~6Ip$rfG_GFy{V73ZWm3G-&I0i}`;P%y2-~iDYnI`kb_t#e0}IlG0YyKSLzuCe zzf2sot80ag6MQ)Y;fsegb3{@+T&sRb6xy`O+n#i`)`O%_jJ&&AnR2FwzI0cH@TAl; zc*A$!6nRRru5pF|3#+ya)l8aS4~(g{bcLthw1k};@GZNWsY%i}D!eQUn8ZWg-YE^n 
zVUMVw4>4rX?_)|om`E)5{~}`tKv>7^gI@DSu0LDLRY6|Y^(<2mdijH?3;es=6?f5_i!M>AJ_v6zOmPOCmND{_WXQOd-0u}E1V{VYSb^Jy_3XjD3X* zTkDg}$1wc5Es9ogx2AF&M|L~;M}G1aPgHh?%a{FLp@lusOg~oHE_mYbTz9KWDu(?v zRN5`5Jj$!eD71soJJzf{He}+$Md{c-0?2kr^o*BKCD-E{9m(HAP7SueREHX<<{dk`$cvzw7-6*a&ND zj04L{w)NhaHtm)Th!1<6;7Cc~ZquqgvV)#RFL?@NsPm#<@)_NfoKhgICFU^N zEh+b*;=alHo}MR3I~D5(m&y)G+_bWY7*CK_+8R>sq)I*IeuGI-B~>U$p3l@ghT)(u z5LoN%m+38mgluF3hX>o~2tBO*`3C)Ky26PW6Bb-I+7L4#@<2r{a3)YamWv}cOxtr@ z@mpyD$f*A!7S6H5J>N*uJUsCJ{bzkW{$&8bup5~5xiGBnf?wbCXSV4r8eZeH zkFto$6!~X;1sZ_WB6MF942I1Lr}4q(4p{qyvINBQA>L+v<9 z#yp>m7rvaG5}q%|y3148CRsS2<`9;Sx7#FRBq2KuwfWiL`daG++j)e*{}5fS6#5Fg z+w%w7a7XBFSBZpvZ(wNcRRS!B_YnIlxc}YZ0Y_5Y9|RChDm43(yA(|V*|U;iqu?dl z?7Kzp8f>MzbpKEJ)-}Rv5B`B!R=h;D-XZ5WEtmS#BEHZAb8>ZdA`ru9wvmi3Cb3Gj zH~ce~)7zO9K|s$#6v`z`(mvnD7i9-zf*wp&VyRMN*4!;h)kjyD z88cL4Xm?upv#QsIrUL0G+iXg*M974@J4Gzuz5~e{(x!P06-#tZr8YPy$7IBdibqrXA4~+-#5X69bb$EAzZY*ND6Z2Cxej2LygkHaGrrH=N)%y7GP}q5 z_x0ntGY^M<>$SjjAp2DW+(j}CEM^TkJkEVq2|I2)TvJ@YK0SaBU9Z(8R^z3)?a^^p zeOmU$MR}wBB$0*gRx%g~VEG*|W5#HQ8JuO0XeRxH9ceR`tK+@+NZCwOqqjy!qoQ&b zkwmS|%vG;`Vb~Q=rntzcGE{QF_=A`Sdmle7K)lmgB?Z}Mg=vW-3v z`nkeAuJ}6&df6z>DHk3u+RSg8W&&UX|JA-2GE#JfF_!GvI4w!ps$t(@9_AfMZ6rXg z+dLb(Gp;eLgnj3J^taEEqi}d5r3h&k_ONr^Q{lfY_zhSx{$AA8zAPrlY2pznn@$=# z&&|O)wn)PFSBUyuVT>22VN2w`_zU%lM04O6lBuc%u}}K9UJ5+8=+sP;9(jZ*g=o+q zhRjSY3rAa@+D@UVXo2yJoi-2FF!%}#3>E(2WPl?SiCWbV6k6Of7*P9~OGJOz6C&rD zYnQ5LjzhyR*Hy9rg%a{SPuF_)?OUd!zt16a_p+)XSpWWG8~XLwBTqt6@2~a+i(e!T z)V@mC-|Dn^;P9b2n&ieGFnbop`X7XBS*CmcX6ZBP>@gRtHP8Yp25z5qy!&;7j{x+(rb-@DI9(s599t5YT&G7JkbvIT zS1ub)B7wrf)=;4LMf|_s7vOx0W3tS4cfAT26rn*&rSS<<_WzK-nG56If;)vtm&I?# z)`O%77G#(wVPf1ynE&~15cgpDKTGWo*TCZz!34%=R1IOubL3#kfy$Sr zmqjJv3ed=P@T??!azx!Uyzf==i&+F)U)SWb1Mb=ccG78JU*!h&T{w$^5gVWZ*7&cp zTH*1z6pS#`{_DIN&A@H{P72^DO#UnxX=8XVNInoKl}wIA@iQK%hXKzVxTz;<5v;;G z=hQ!`vL~h|NdI#g=L~v{9f)zAK}S1-k8lTcSXYv9=J&ZYqae8ab-&1PttOv9rxFcxz@~qty=c4RTo%aj=6C8B>0Gk_$2O;qO%Jw zfOi0}?KLH8%l=l%9q_kO&LxyeYhXpE(?~!_?AY`$$i%&(w9IO2`SAQJ(f!kwRagq0 
z%%C{Y1$`H!WUG(EUU1f|*f43s;tZm4x)HRFO7=_z_&2V>^aHM#G+MA_<^WIA_k2~? zjzi{gsdGTeZ{bTSsVQ}*zU@@bNvyeSzv{rx_sh?dxfjjy8-#t1rpo|3Pqaxa5Q#Cx z$uelDkFz`s?M%gpLan9@t(M54#N~h^B=IV=_d;)MNz?s-aFfp9z z#Ew8vf{HeM4r1IJP(QbM9`JZ%;?ThHq&=BJf~aH%#&EKR-Y{=i8#Y82l`Hzwg0~T1 zcS+kRFyH7wbYq}r*8M4{q18{h-^DSxIz$;Yr8On?251A~UlS^2*ii%1zZ~Xgyo3M> zB@PMV^AmTIN5^gpmd3hYjdrJs+R#1t?mwzzKjH4Sy`?Y`E`Q>6=g3EC+qU~DbcCLe z^pn+npJm-8)_2hnoHauykDmpJ4m}8q3 zgUxr5bF8Ll3-5-`i&;&J?uH^)Gj6Y$yKiZ^l_B^)v^zpH@ll$ zGP%ZGwP(=GyyU``@i&>NGPxyYC|)}VV;^b-eDx@-ansx6RCt$I(GRq~fs0YOlmlVSno-T-AZL9!5K zJdt;n`y#y|BLOc?@79UAYsZ31j6gfv@BMsVYup%=0{+7o+@_gFG`(5@Xxf6<|}#TyNwN0sHX zbd6Ik3iP?~kz8(uVyC`sCT#iMp9*|F?b}|yUvAIz_hMZ_by3pY>+oSPd%`*T3q(b` zYsN3gT-0?2L!GvKGDqZh!&ybUPE$kS-J$2Y68Ir&^)PPTFlH@ zlj>F!H&L$%#xl)wEj?wbq$P0d_98om7mQxD-+=np>;y7K+tO`(6d&@7m<~KfT6C=K zBT)b11jDA8v~j!xth^w$U`o{)IPBiBbe@)2dS@gkTu7e|c}*IBZmXx;bYC>dK(~MM zED*Wi=ll9mEuMBTEJg*JgfZ5u^PpiIb#N_0NuJ7sPnyj4+rzaCsoONhlRsIhNHd$C z>htj!n4q3Mxz34>?)KzNM~f&%xWYyTJ(I z1a!srQocs(axST$$gPVNeABWVs>J21JPda4!<4gum2UWhYos#Ojy#Z;ndeX z3a05!TR8wwWP&}&3Z{c@(hSTcIh^A>mJO52_B$ zq2Ikx=rmN|dUzm@7M6HOx(TX(%qEwz*{@L{EOZXTr9z%hoo)wz7}R~3LQ?s2Ot2>P z4c4{uc6s`7_*df3AdT9YLuxK8X7DyO4}@kfBqje>8td1uR>T$Cg(1DpEfRN__WN^2 zzeRZ~Rta_l4_2H$k4V|CU&{MMJodi4RvtG+<+`@0U`cOSaw0;r1wF+51Q@+q8hbCs zY>TA8&+@$d1HjDK4!E(w%172&^9m~iyeiBZ5&i*ST~!A`;T-j+nnvi$&uw>@|kUuIMPmR2U3LaK}bg@7v zN9b8>(%K)U>_#4ncg&B9>!5UxtGO~#3hbo@BWQ;VW{|s7JcL`zTZe$OlcOqJEBQoW zIC;jLHhy_UAjwgPAqjapYWEn^KLAV@TDCVgqb9u0n22=PfTbuWuMzsgKD8b#7yWLm z-crM~H^NSr90s@crDRPAid^Ks0NB0G1rPvh3NyQ5L%z!TweJ%9g$`rL0OmZU=4!44 zTq>0mPYGEz4WU)Ky+YM$Y3y`)j1roQu`jRw7&28apb(%)cJG~DWIKXP;FSpZD>%<( zD)vuS1Sd3VT@NIhWGH{-!&1gM<}fZLuO?a>KR_qZlM)DkO{t|-1E$ik*t&L|33Gf% z=?_nqu(ge$udV(N+SW8gN{?clu%cb7#w@t_K-mA7Y9tgKfOuawa2|5#dN!o&n}KQS zknX@+;xcki8DSDH-3S<`Xfrqssar6o*oR7n1FuFd=M^+zxXjPOf^c7I1{Y`cl+Sii zu95lce<4uruWrnD@@mvgYUi(*9-;F*WTJ-mVI%786_>etH_bk7kK7h*I;M{>Y?AwJ zCgyt}2`_Q`6kO(?gd8_$?_{%W#u-@+gkU1 
zzgC3ei1xsfc%(f}yJ9_z6NwZ3zLT3Ce-*(3=I&3-EKW)(buc0X%bN&$k3FUdEB%F1 z9004bmMr(1%MAU1iWmw2OXq+W+q|^rf`?8sn=`DJRGTbGC%ItnCq@D0Su0jG2>ghG zSQ-yo0IUM0O*0{0?vHyokpKFrLsvnYz3XIW*YUyBtwT2PhL|ZCg8@A^bLhNaveU%5Pko+R{mnaQG#|52o8{bN~-ZC`_L8Aw~G-&nKVF-eKu)a zR_D|v`o`k7?}rxgXKVK3 zz>204-vDuLzEJ?RF$=}Q?d)PSW0{^@U9S(RQ3Rs|Q`cq=i!O7bHixQ7A^jzQ9-F`u zfzEc+`AS-@5m5=0tZKfyX(?B~t1D1PPt}8BWBx{J>MmVk?8S3iE=MvG246526?z(tM0}%g`Eu8x={?&qrOcAU~mop}5 zr2Aj|>lz*;Y~xCIo4-E1Smg|xn3<%~kUD-vX->U=wMb*#1Yxb10yy|AbYNn)G%H40 zZ6-`(0*j_e4HVe4(h)tM0?yQ!#60OPl6HpJErI|Q`f&{G=1!v;vglcl72T$Nzp6fF z*-w!d1rNS#@dVxX7VlyM$T-XkYZ93Tz96h`N$134D8N<8U$v>hw0j&oPJ|HED?**n zW)CxpMvQ7J9lcwmHZ)H6ZMkCfRJ#8{<;8iRrFik|s4im(7khx|x_d#&zN&qZe~{;W zq?O#RhJm38q-DQHqU}|(U02K&+biD==kJ6aLaWBg)rO!iG_m^PqtXv;uyA)bXO)wg zj7?EJjYTSuK4~&So-frq^xHy&m^DYTb|wM%8eveP5x($Dp8KNt+`T#||GU~WjIg~6 z(QbFU`(C|^RUVRVzQ~p9GnRy$8aF-OcB|&pI9Ick zF8#2fB;&b6YM%1^qtx?lLkB~((Z_=VmiHf2FF%lCOv#t%1WKr5JVpVofWYjNh-s-} zfp~G0i$eHq9wCiQhQ}G?m)w>dPi)_o9k-Kg6C&zkGE`i(cEqkZ@NSQ<$q(vbJPpq9 zlZo}Pt;dMcJWFU=1wJh`86|lu9e&w40DJA+h|N>Ak#q(J+&cHTA9Qf{${UTKba#0l zDY`v%tx{Fre%hqgE!JUrMHye;kjl}^R;rScX~=FpdCO(bNMf-1H`=M~`#B=@SeG0Y z5i_UEw0LWiPBv1?W8Yw8bg?#Ydw6Ut8j@IgfSH$UDetVe1I*1mYHj&RtR4=mEH_RX zqWx2x3oPP%CL1O)JL9L)=2-JlVNHw3^HE{an9Bd!U+FI}^ILXOsI$6bl#*(C-_jfR zBvm<&8Lw`Y|Jh#`XUc!=ugJ~pquq%2w32Ic{3BTx8cXlRnx2JdgSO9`p*BpQ{nb$F zSz|*_TAB?(aJy|MgOzNNM%c!ayFGz}3SYqQ^O72t$?H@3S=%xEP-S}ZNaXSap86A& z9y~R%W)AzUnj{rM+n=X{K(;)UhVz=J9d#n`D3b;Ewu|z;x;nH<>r9C~G~H>&-;Z=R zDGoW58&Oxoqv=)uOl9L#{J-`WgvHH5&zl*C>MEWX5S4lR{_&W6H>MYp!)7c+;Ob zjRgI(zZ9mlH6!YQ_Sewh??ROZb`&{7!oa`w7sA0NNwQP*o%idQw8kkt#i-VpjhS$S z>UEG}(F)A~1zM0evIEX<`56Mv5md~C3gI}?V1SmDmJFqEQXS(l+^%J^Reg}G+T?I#1v{B-B%cSl6Z^9|wwnH6>D_YoL zmR9Njgl0NzA|2OP_&WKWDf@=-cpF0-+wb>F$sRMXpq>?t_0N$!tgm6e7f-~=LQ8Nw z%J`-G%e(^bSrHY!Ejve<^hO4lOu8QvuEzf+p_Z|mkcs|Fe?`&wbB$LC+Mq@I)AZBB zj>O)@meoADyjL%befQPkBI5DUf?dfa>b9OXO1rpNjn?C_S$jNf&L_%j0X_ixKlImv ztL>xTBA6wC)WP)nU;4{Pb-2?k_|*wyW}5qC>A*mnIqCLmrlRfDWB17^&<~;S5h(q0 
zdinsb?rK>y=1^x~F$!yLjI%NAEY^RIPSoF1Tzk{R5HDmsnJpO zm;Ty>g$W!En}Xsa;GlvANfV0Ks7F`k`+Pe&QixeEGt9hYr?eb0`<^Voyy;+Gwq>u| z$jxfys&Y%?xt>=P%?9qu+X|PFM#*f5Sr_ymHaMP|ftA@v)uwyu z9u5~pcdnT2%MwVUna@RwC*zs1M$K1!qPq{vCWv`X|cNEOF9?%!|OQ{DY}3 z`2e2OUxRh?yt^;5vv;f9cqD3VVQhg0CI={gIn&tuj!Gtb0m@&LK=~`wpVw15IsZ3s zo>*ZPGcl)LF2drp30=&c{Vh^8`hvDl6?ipv87lJQY1`b|R8-1Bey zy;}l%Cm}lY!Dd~R8qoI|Z{7(t(rbuFKD!ch8jS9y211wEjOR-_dTxlLff?Vv4|Wyt zOKTy55WQgLQw<*3$-tK$us`N^AOy?$Vwc7pD@0Tp<{}Ty5izdPc#huY$X9>L$xrI5 zoZk+Xf~jnl40;?-7C7VaM!5q?Tf=-*u7<8-Ux~JKzsM%>g+Lwioqhhs9A(L)gyr|Z ztU+o|ZOh{OsM_C`EXIAAvSotni|3#~_^W7OOZEks679JU#*x860(;Y!OljLUe#UR% zTE6^PXrOeCfE7Ep(dDi1{>;WByZvh}Dxy#_N!SZAgUGbuB~|nsdq8oqqvNBX>(&I4 z)NPeFcHFr%#5xfEVqDHEzI6Bx{Ds+`XnPk@?4=viJRj;*jpvl2sR~sEgue=?wUSl| zl{7APBAO6y?@uccr0I~~o9H%ez>1}Nbfv6YXQ|^dJpGLTVKOvPWRG31wd|0W4krS| zi^41ds)WHln|Ns0V-D}pcBQyf=;erb=VbrEHYK?#;_yEw+~sZ*|-DJ zAW`i-88GH9Sn^DOLy5z(<2FO?#F7)S)-U~@fCxfE!cYY8UtgX-*U_1#iDMS$yT}up z=u?cvtS_RQs=0K7|HO)038VTsj|=F{w#Om18+c z^-#e)QU}M)5s;>(X+9Zv5}rJDUP?}@BnmM2T3!HZ{_A0)Bx}lQB2ui}Z!K;!b+O&wV(I#%AEVEv@M5i~67$Xki z_Z8kSmJ9_I$$ep-CI&ETk_gP2d_lZFgZ(}%Y992MUeL?UIvmDnUvHJMXpv$roEl-0 z70!m)71zJ6XAQm3!9MH9B{lwzqpYkOp)o_|5c>((;@+yCUdrXMyPksTMo8_np=hU;Z9Sm z&g2q$R^P82BuP{$dp9q)`0D4~s< z{Bfa)7Rl}L%w8Xo-ueJkELih3xIAB?)R#ZO4*&-^^%@IAp~4s#;X_$Pzaqrg{1I?? zbno5%g34Je3FwhTB6XAsSH8+D3(eYEHDoH823-O)qN}py1Tb3s-~!rb>mF3~%l5wH zubOs4og85L6+rY$hHAe`@x>RD@}Nlnrb_YZDAKDeHdybmvY0LQ=E=lW>Tw?Zr#h>S zeS31Jv*tHbWUff`Gp^VMFd3HI+tV;7*b%2cVUVlR`$@rEE8CM`z@SQQO%hb*d`n~+ z2YO+r3aNX$WM;i7N@}GXWdCSGCQb*uT-9G>rIuny9M!~1J*j&0PZ4WDgobWg#B{{O6dy(D=sp=B@m0l6!v)N! 
zOqK4lHY<&;8eS=l;w0fO^ZQVg9DR9J^ApQZwPjh=o3&^)#-bJK6_JrtM=WbU6Xp3de+*s((z`O}gEslp4-L7zxgl8sS+Tha=v^O3074Q<#$Y1;eeH7hdL zMLsk_rJ#=soXVR9U5i=F46DqGmQ|1W$eT{2vZY*A^R9mC8wQvuk&ss$48t*@+YOUr^O4!LxT zH6DcZROzq!^%&gaV+t3{1~^N+U=uYlGbZwZ&wRM=h&?szJ32zXpK4VXwaMh|xK!Kw zA@pbxOab<*teiq*dFf<5B`<0DPBVoREnL&;&3JIaUgNL&HI$_E#wOCW`TcR0YHmr~ zvCoVF+NPkb*Rr53w>s)DVD<-7I$W*y8*qv08x2=MJlcXdg{i8;zhZ5zbe~t0;z-_` zG*1PNL9NI70KOKm^71?fT14pNz28pf_UW zkWrZLsgko1*&*09X<;$@_A-&rsTC}Tr;%;ku89>5g{WMM=*L#Fo7doR$r(gahf@^# z9$&PzjJ^)w(}MX10~|4PG`4DP_51PI3~&dTe@PABP=6~RcC=BBudrQSEz8p!x%4R7 zQq`+y37mL5RhvrqW0Xm(HelbcL$TL;zmokJ2>*?bfv4n<{lmNO1_8w~Ib~TYw4U8w zttZ#+7r=8z`g#>Vp?i*0igINfbE};ok{CkRmx#9)nQT~bnQ-+l`(^e;x)pxWpf0>k zEBO2TYPCYM#u1-){R-rU!9%A_i=sYK1MXYv(O>q9EO64&C@eh6YJO{g&|#?=z!$Ic zx}pCIZ}ljdXW>Tt!9>RQJT~CbGksUGlnXJn-XN}Hd=c9qiVR8%&ah%vAG{s!6~E0E zPv;DLV!JP-3d9hJJvc7!kg1-?6OrXtoKP|I+&Zs#NZRk;Oe{D!k_aDGiCeWPp~dis3)GDHgHwL$8YoWXF4SA+wuF_!%h zP-Pi`e|owISEtKmXfkgw*5MtKAGaqtl4dJ0;oPFYcu2lODNgoJ2tN3 z=v^k;S}2+vTqed%WGZi3j5b=@Vn49bj8V1i1l$C(#SM)2;+eCRZmV}rsf7)8kHS8y z6i5;%uRfZ5#e5V>$uEWWC!-jGEN}N2ju2xVxKE4vya|0oeWSIC-&n-|eXQu{)OS`CvEvluVbu63Y*k#C!X4DYx z;z~5R$8E#VP@7zk<7PHSfIwsBbIf02dg3?@hmVDC?KrK>y1=wJFDg6jirvFRd|K8K zkB_AqxH`*n%knUhxSX)wJ^z9wiM9bRU7H^vVN6*_OAPwioyOTBsNai*8#S_#c( z+Y;rf<+{F!vqQYR5o)@i1o^sOaiu+^Sl!k5jBI>BoI;0^KxPTUw^We;tM>j)&FlL| ze&rCQ!3l9k|A~byf06S{p;@b{e>`&|r?I3 zOJT@MsMWHA8#kdt^al<(g#2j9sO#^(0q@`neSd)Pm#ZyWcb;ya_zjiC>G&)#gR+y~ zP1W!?J6!y62kNtR_Jj>BfYoYm1Dut*#)8<-fKJ3FsZ)aZBT3*ozkaW(rT?(x{ z%SZjPwn=J4K;o-opyR4t-7SeeJ(g$^PMeUs`qSpyIq>8C>0oi4#h=YC_>qt>bEs3O z6QW=VeEqXpp5T->*PdmpcXQ}@w|wXE_$QA1tJpnGV&&@SK~opAOD!hqM7mdOGBWhL zl7vLsf8npwzwlR?_S@s4O><-N)Q4qb`j+R&HBrZX`V@(sO#8R+gPY_RSuBZ1CdoVb zXk5rFw+tzzmQ-YCM(ohZYW5@kvoaLd_SME2I9Hp8I`<8d$eBR93hzozVP~605{99` z)){_M&O9Ecw9Vj-^8$agcBsddKuFAX`j(Zj^}VJTq88KG4od-zWj{6o8r+N7F6Wr) zs#h1wd!sd;;OJ8#2!Wu-3!1uP`2hftu<&fxVEdLr=BxE^>y|s{Y!*4vrnaaj(qi$^ z&hjPG7E6G)V*Cv8wVUgx5K&hUek?jG>?jXbe5f>Ndj)u|lIjH&4HU%-{%>U;JQ#l0 
zj19-D!R!u&Q!Y2*>0_-@^8(YnqNwa(APxo8qSlVJIDc;!nEC_NC?F(deMbjeusBO0 zW(m5y0NP&+|LiYE+fgQ@f#0(%&&JRa{E>wzp|MvE)1wTp6z%w=qeW0;p;Q7vRL%IT z1thiL3gu5e#%^x}wJN_#4(OQ-a;hO>q}0Ev5RvB+D#+v%D^F|2lt}PpkG({Rxu33s zQIE|xsv8;;t^<88L*r}znr(`hM->OE#fJT=DiO$FvZyuQdIS7yXALzlF7NmW9Q`^Pd<%p35*QJBxkk*xU@b0Ccy2ewP(lJRq!ac|n|<&x|ZS zds&>k>yVxFt`jC&(gS!%ZcYrF$JoQHMlSZa0&8=qvX4RK?EESrB;_8k zl49>WR0rVt5@AFvzUAFpz32gu2&vjsEgO8!@qxB z^>hC};ga;G_olIo8SnT0Xy3TH-&W9_MJeK-!pn(NcQpQzc6BE1Q-+6QwX6?+0CGLZ ziv-o~6Aq{ykEHc8KNv?>BN(uukLJBd{%GxS|6{;Rk6E`F2H@R! zp|@*R0u;=iSL6#YTM|W-Qn{}`}#_Fx02OF9E)88RRPhFg=)G4l%h zImPM?Xz7{2O1Bi4QA@6cale$acBzvpa7=bY>2bB8utU00r4ipl9{o|zJBhXb?nJ|3 z&N?Yu;}soE)4sU(x9A$!?6me?aGFp;9l{7l$9{d%&%X<7{T)M)KTe2o(h zoZwhx(9z$|c=hNO@mu)^=NxYwAlcg6J9gQc5jocZ;-WtmETHI2pGNa}>R+^^-v$^h zDJs3T(cUt}7WpF;GPbW7E|Eni}G!rzuB~^%ekU93CpwMF@j!S z{g$8QrWhKOzQf=p>ci*ZW^sMIfpJQ=>r6ewqf|JT>A|asc=JvBHX9sP-n@-^luBYN zyZiNZeV(HxTIi}42}f=(*F!G2G2BpVYUv01w^hy)?detVCr<|^1RN>a?)U>s!bL{> zweMxG>yA-JvJpm;yU2l5Mv&TbiFr_3d6mY?FdwYn=bZX>aonk4`F5#tzC1f%Vksft z&k)Cm=PFRD4@i_jwe2b1o4RT7DFp{gZ5HSq~l+b|VJCl1sQj)`+THn6Dhb89|hv(xtKAfw90~s)b zR;aMW5s;b%*Akz&Uw-Z8Nt+%ZqgD*O#nDAMLH`&q_nlS(jCgmPHPCh)O*a{V7CrJg zF1^mYRSm1#=*a4PL^Fv*Ni)d_pe?*=Q z3#zs8q=TF=6R^jdl`fQ6D8B!jE14|%e{&^kfd4O7f}oP^$9MQQS3>C6`aijn4CVS@ zqgztua8LbEv6QFskHhzKLhC9ppsFM-x*EFOh|p?jpB?+HR3B% z^O@D0iXVpxU#K)0srI{Gkp~ESJa1lWbl;DNa^C)QeG=fKVk2+A6Wf(5Z&9hBG_)|m zJq?e{WzDOd)N;>jf`;*VceD@%(NZuLb?Ueqq`mGn( zx8vB9UorK1Y9!MizaQ{m$zsCp{Nlk-bWt6LxPW}be{Vy~_5YhI!H+GAC-6um+9_!G zN=sRsu^Le&+HLP!Z#Am^lKm}7df%y!(gxXU;yoBiy}0g`RoA_MblF3pzD}59;c-Kc zldHaqpn99nz8GBc$Dv36}PPgF^Pd#iifh%Dvkwr zwjW%4AM>-bt_mfeA1zz>@5}HX*JpbI1fTOC*BN_z1qGMg9=8Vv&lNq_d%iv?m=%_9 zXE_pEbsD~K=lf4j3OV2kb)>lN<;A2qyUM&&G>pO`%5-%h7mV8TZ|>Ch8}_ch*7Gm9 zjHw=(VyH*+Gs{G9p=w8vE8JFr4j3WO0RsU#VB9umB=m=Env>AjwX^>mu=zc4| zMvcgah=(QfnpVN)v!a;D;RyeJcDL5r$EB~XaK~_W949g0<=1!qH%p=h%#w)h zlWt0vB4nojIytOR%bV%(E|wHk>8#J_{ONr{J226XIN$qqX)L|xc6s;_Eh6z}r9>*q 
z$&W$gCFK*w-slyDJU9*GkTPasf$hjZKZTK<^gizZvrT99f%Tmf$<5ogFgdG=@~a>d zPyJAgu4d+vi{?Gh7f`5OKR7|NRHtjo6$uR(fl4q$rn$>R#F$!u9Le&?v-1}l@tMku zZwnd(*(9tv&T>CB^W}1_i)-YHOXv?lGB_SsE$=W`YG%LuiqXO0S%~o2t}qZgmPRjw zp$DjA27q;V0`i$ua|JhI(clrX+JBZD>^Pz}B7kA&P)dY+8Z*7|G_0)y-%Q9Sw}eV_ zOy^9F+qaS%3?&ICbogG#L2F>ZRjo#PMN8171f|)X7^!&lxBqj%?7*K(sCO#hSzh&3 zKm#^p6q}fG`E#jy0JmLvq9@Dn{>wsZz zSR!P+Ks(jtr1|MbaA_Dj{6sU}x2sF6@&3LPMcfI4?V> z!YAIfaJikHd7=^@0zKU_bQ*Es;W#WCPzP5oocMrK={VpZ7mmGi0n3ol&r_Y+{*%u6 zi1pe302D1Sm}cm@5>?}^GCNir!d*VQc_vp&U<08RmUsl18=<8`C9pn3k(%wKy;t@@k~lRH*Q?(1^`*ml$%!SCj1VG@^tP1%IiUKGI49 z#PN>11X*+s*{G5qNG(I1CV`QfQyCGoCqbFtpS}iAs-?vcHQCah>qDg;gizUwI(G8s z?-MIy|3$z`2ZGHH)JN%13&_8v(-LC9OojtS;o@36J_3_#_BY@#!&wm@C7mnx4qQe) z0{X*2%Ib36ZZXyY;u08L<<8{HEddi!(c!*j)!eek^badM1RL4eaRRpI2tDs>Q%Q2Y zak8u6j2$}@r%Cw+3=Wd1+z}9ze=6MzqfPfevHuh}mnPEJqGzmjB6f0^elZcEaF>p* zog&n$(wrzW7(K)$(3?;_wcJCi0X;m*alTPW8LeO$s6#^Ywsg#rHZXXZ$86#Bib71x z5QlG)qL$&cLZfvgV0;&8Afw>Y?qwM4YC0m^7$={-xymdv3m>KE7@zHe)=P{@_&Y%N zg~))~rkotyC#WuR-76`4!3cANp(wAjNz=?Pon-ou{9v@O*jGgpHS{_(j5KatImYB@ z$!S7egDzU@ocpSp)y70~PjM@gIg8Mm+%`3zr7C;5cwU1Tf~mkMTczxV6!b3v2AIct z29zXV?m6O8i{jOsECI%WbMk*xXpyS}Fsx~wg|kJaNHE4rSoc(9=Bc~lsJLXXlbn%b z|CE6+cM2egw?R7J=&h|LL_GC5*j*2~i0DA*Z$ogPcbVpb?rOGG z6+%`UXqn2&p8-%`oNtm%UckL9Z{4f01`CHW_i|k7a?mV&ES9UZh2Wh_e--Zzf(uC& z6?RxOP$>W5WKm5e5Rs91AdvN@>2jaY5y5)*oRcpIQWi7t=<v_A)lIVsy$+9(a4qsudp}e$9qw0x$pWC-+DhfBzDbSy|v&*`WGxE`ak!im^2aW6O62B&ISo};LezNGS0GUx;MM~+WEg)wf1R$5)MSavTDYX)?Z+@MW z(-9}Vo#Put$)NA8^Wq(NKY)C25VlWaQ^WOuY5;{ED3UagVAdYCO5p}`%XYi$#*#=p zKiz*KMbThg{Whw<6z_C>7IKcTd1%$g7A$AX24`d5TK?hPVaqRg_e%~}=LQ2!>=zHi z+mlb-B2`ER=Zs2ipa^G86ZD2+G;nTMg828Tfy(bS@cg&F((1hQcU`g5RZZ>Bt4ut0 zVgCfMq4}p^NoFtsi#9>T`Lg!&nVpIo<4G%-KV$f*z>txA*)Qp^b2Ja?dm`Q)9g4e3 zpa6yk5<9SdE702_?VX2|62^Y`n7OC{pE#OS&x*0x412aZL)!H2yh8Y0j9hvnE zt>tfsh0a_Id|Q>Ky5N#`s;6Q?Ub0UYv-Wge`f91acfr%!~s7mCm<*#=IIiO zyZ4kZ?52;oNA`!;(6>@zrtTc+?P`UDQsOil-ZG1MVH1NcJ0&`g!T71tJ|sOJ6y`l! 
zngPimYuA{LNKB84_QuxpFbM+uku^#%XM$OB(Wy`uR-1mU8n_xOY*biqm(Akl!zO?28)%iL>=uI@P)FA5d3X=)QZ`9c*U1d4 zFAKKBpaKD~xTzvkoHhf;I2Jt-3RYzZIUoRr!Sxpale=pV`U`+{qfvQ0MNI0Z zKjZW9*<4h_vH=0GS=-_(1f8D7JA(C=EM)dqhi10jJFUIg@%HP+na)EklPM;tBU$qZ zMHrX2L{U}JRa9{{qQEYVd0a;QAMv8Bt5iJbvlInVXbWn=j31x^boUcgWR@r042x6# z5u`58*}rHXOtXhe>@!(#P9e?JWIvSG8xFR|v5vkQ^+`-MUv%YT)ReY5;YT71r83az zeB(38us)v9QATLs`){zwiWCTdS=V@&_)O~1;7yHZ$nMa zv;1%lBZs}V(YF@)I@lyOKTUF|UBZ5DG}la2Z%RP-RNonKxdL-VLEYwXrv&R=tEgN` z(k9yG`r7;O8}oz^h;?yY7m-R(nOWL%%+jsQ^$cGXCYK#X*XIN#afXP`%OYhKW8mT@ zf73b^ntS7vT2ySN5?d|8_V3`JGy$JXH8e+wd?q6*bEgHZ50we|fX$|bXkASW3|lZ{-Cu5COPR5Sy9K9_Y4 zLLii>*KgpU_EouXhVd7D#c$ElZ%+h)fTwhd48*IWf{9$*gcxay{6}bNm`saPPKn#fEY{lg^zVJ zni*Vzm1bxm!f5t1v)%snzmO*LYQ&tpQx9lg*I^?W`{gw?w5fKx&}aJj^hJ{`y}uY*v5$FG4z@?|=O-SPy7^(795tz@jKb5%gu9$>*_1 z*gaVu{cb>f$e$euJ5A~6G<3h_K&T2XtSTleG=(gvKmJ21o|yv+8XxJtN~iP)J!P4k zQ9aZ{-$xVx>_w6auC6M3m-vkEZAO*HP^PvTmzfamIqSn2FAVf0-|0)2y!1XgM`t0K zKg89>enF~QreHi(22)N}|H4q=iV+UGg7iJXAZREqQ}<=WwYE!q9+?4iYTL? zEi4kRpvs@h-&y_U7YMI33GE3T6+IbuU@(Q2+@j1ExqGx&O=Axws376`lQ?{qx3XmW z5M=5UXaAE*hGg+}I>+bZuJz+(Jq3zJ zB=Q_h3n~}chOG1z;roI|*U4rAH%TmA)vP{cB9+EA1|jlL01J^#Sk54tYDLq{?yP6z z1^%`rK;0C{)dw}71CGRXDsIS)-sk!+sEH`x7E{T)eoB_2$iZV&q%EFnoFhZdZ6 zM_Q!+gDVAPs!;y`?9y_nv_=86>k2P$$$Qmbn@U*VR8M1!T({UnMDkUUD4H@ToHmFz z*DSvhlB)*CxiJVf9W-H_`>h=VWuCqTiiIqP4oZaY*r;V^?FZ(tH2NEMwG^V^Qdl9v zU-6es9sy~)I>?C`v0T06Em7t@Vn(nlr*88cg6B6|2?Q8epRZZ&;{Wv|_#EynttBMq zULvERf$0gI$%+1?$U25-$9eqmlC83rJpbwB`rqW#3^T>vPRwyS)xDW4j^=UN%v?6O zo38Y=E0Ht%y#9BTs|mp21=?Br+FcjSn(g4fSY!onvuGZOl*(HV?+Yq zz_(ts%x>3uE5E22Tx4=;q%@<4=x=k8#q4}J=FTsu8SHdz0S6&F@RfQ}iJO>6v z)=!Z8fhaU3JO!KXhOQEFm53{YZs&rYW2&giX>`r<8E0xf6ZzsK7SYL4t&)>`9{ujO z|Ni;TNR3Gt0l~&~Nek|Vni_(bz*wlHi2=n>Vym@K2!_mK{U4ZT-45tdW)dpZWlmEx%3bnin{zM% z9hIuYd~oYQlpBS`7TY;7~KsI+rZnHDmK+4HC=SN&gK=9k}mdM zpi{CeRy2h;2C#jYeytqQM2VTAJduQ6LFf@6CfVidSRr!~&`p^cH}r)u=;#o5QrMGA zpKyEvxNDkU-P`GN@C9A5i(J&NZ!C5wXQ zG*t{M>ID|dJ+zd2QC6+|n&EOIWpqTeTdcXPR;?kN8K??!7 
zgD2Y`zMx4nlXR~@&AHk@e{+(S#Ve3~CpLQeGB4PKz;q_$n-rwn;CaCh_T6-wj2Rnz zyt}WU!mZwpVrJ6LAk8db-@T#fhRj^AGjQN~@MB(ZHjQ#2Wu?C1H6y1MAs$PK) z*G>0TtqGG}aX^^4f>M>&3D5jujlCZe3ift8TaqH*yvb>ep=%(L* z5}~=s_S9>-Ru%t}rK~ARt1{uQcOEEVAQY2|EXprz=QR^H;WB<+%=S;(bCsGe^R;}r z^C8a612i`^Mg32TtDPb~MqHC0e|j{XP9J&Iipl!fBYh2iPA)3ApO0)_uI?i7a?efD zV5E{=*cQ#s&q+ixKJ~KWv0iB9)2RuLG~Z%q1bOn~k7V`^lVN9Ne&$a zrpEHSqL~&0YnES`&lgO={}V3pAK(VTM*xKl{)x4r;GdcMK4uA1tnctAPT+l^gqS;Q!fK80`x3F|^51a1Fj2yi8M8ZsoP)nqiw|qp1CsKNd0$HGaPcKHTki9qI=&|PAteVfE zcC`ksg1@Z-w!=Lw!uGj(%k=dfS3C+og=EGcZBpyz zo{zithk%(!S_PK{%U!u-r0E%a2p`lFBAH9RNLf7P_Lo>W z`Yo^S;R1T7RkCTk;($YhN%48TP<~S=Fkza2fEN{azfS?Euj51FZ%`E=pcFqCwj*cy=K@H|pR9`I7-mx`jH-?yI2d$r(|6MUf^}jK|*GH8#3}^2^ zVN%onvU}ZD@DSS1UOAjAN7Qwto7wf1(S(b{ikOP>=i`;_tR8${a;tm5P8t4m9vk=di+8V1 zFJGBIzBzws|Jb^G>UH#{s`YZoV}{uO@;P}cQuec5>?He}7 z-e@$S-|WBkb-g|8<*%FZFO388gRFf1(X4p>3tj0dvikmOUfhlbZs3MNmtuez|Jh%Q*X}KUW*1}gV&m2L zmvJ@jv)tq5_-A!F?z8mc_4wy`J?_T?;|2Mbvex4j`R9B^?!^h?CHWV#*5fsK$Tj(2 z#`X(pIZdM_%crWyRl?*+w4}MJ7SXhPdoo+HWQApddyVn*>C>m5fA$&t|LN1G+y8(1 zufP4*e|h%V=fC^>cfb4B&wlsYe|h@pr_Vn9^k2x+TYGD-6;jdsU!Lwg*7nPNB<)w^ zoGQg~EQpSai+MUw76H(LXmm{%OwJzt$|MpN8H8&QxnxNKg-TpX@x&DMTSE=DrS~~a z<43nZO8TmR*HjtH*;gm?ma+2_r%^uBOUi|$+iJU$96?q|6 zE0L0KUtExw=kn2P!PN=;7pMPdcJ)Jk0{^uiEEgyGKlV?#PEX2?u4r^!WMmEySHGUg zo9xlAXIJ$4(XVG}rT;B*zIgQO|L@VS$hS1-qLAe5) + type: string + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - image + type: object + status: + description: Metal3MachineStatus defines the observed state of Metal3Machine. 
+ properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the Metal3Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the metal3machine's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of metal3machines can + be added as events to the metal3machine object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the metal3machine's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of metal3machines can be added as + events to the metal3machine object and/or logged in the controller's + output." + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata used to deploy the BareMetalHost. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data used to deploy the BareMetalHost. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + ready: + description: 'Ready is the state of the metal3. TODO : Document the + variable : mhrivnak: " it would be good to document what this means, + how to interpret it, under what circumstances the value changes, + etc."' + type: boolean + renderedData: + description: RenderedData is a reference to a rendered Metal3Data + object containing the references to metaData and networkData secrets. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. 
+ properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3machinetemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3MachineTemplate + listKind: Metal3MachineTemplateList + plural: metal3machinetemplates + shortNames: + - m3mt + - m3machinetemplate + - m3machinetemplates + - metal3mt + - metal3machinetemplate + singular: metal3machinetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3MachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3MachineTemplate is the Schema for the metal3machinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate. + properties: + nodeReuse: + default: false + description: When set to True, CAPM3 Machine controller will pick + the same pool of BMHs' that were released during the upgrade operation. + type: boolean + template: + description: Metal3MachineTemplateResource describes the data needed + to create a Metal3Machine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + automatedCleaningMode: + description: When set to disabled, automated cleaning of host + disks will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. + Metadata keys defined in the metadataTemplate take precedence + over keys defined in metadata field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + hostSelector: + description: HostSelector specifies matching criteria for + labels on BareMetalHosts. This is used to limit the set + of BareMetalHost objects considered for claiming for a metal3machine. + properties: + matchExpressions: + description: Label match expressions that must be true + on a chosen BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. 
+ type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist + on a chosen BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum, sha256sum or sha512sum + value or a URL to retrieve one. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for + the image. e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: MetaData is an object storing the reference to + the secret containing the Metadata given by the user. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData is an object storing the reference + to the secret containing the network data given by the user. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. 
+ type: string + type: object + x-kubernetes-map-type: atomic + providerID: + description: ProviderID will be the Metal3 machine in ProviderID + format (metal3://) + type: string + userData: + description: UserData references the Secret that holds user + data needed by the bare metal operator. The Namespace is + optional; it will default to the metal3machine's namespace + if not specified. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - image + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3remediations.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Remediation + listKind: Metal3RemediationList + plural: metal3remediations + shortNames: + - m3r + - m3remediation + singular: metal3remediation + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: How many times remediation controller should attempt to remediate + the host + jsonPath: .spec.strategy.retryLimit + name: Retry limit + type: string + - description: How many times remediation controller has tried to remediate the + 
node + jsonPath: .status.retryCount + name: Retry count + type: string + - description: Timestamp of the last remediation attempt + jsonPath: .status.lastRemediated + name: Last Remediated + type: string + - description: Type of the remediation strategy + jsonPath: .spec.strategy.type + name: Strategy + type: string + - description: Phase of the remediation + jsonPath: .status.phase + name: Phase + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Remediation is the Schema for the metal3remediations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3RemediationSpec defines the desired state of Metal3Remediation. + properties: + strategy: + description: Strategy field defines remediation strategy. + properties: + retryLimit: + description: Sets maximum number of remediation retries. + type: integer + timeout: + description: Sets the timeout between remediation retries. + type: string + type: + description: Type of remediation. + type: string + type: object + type: object + status: + description: Metal3RemediationStatus defines the observed state of Metal3Remediation. 
+ properties: + lastRemediated: + description: LastRemediated identifies when the host was last remediated + format: date-time + type: string + phase: + description: Phase represents the current phase of machine remediation. + E.g. Pending, Running, Done etc. + type: string + retryCount: + description: RetryCount can be used as a counter during the remediation. + Field can hold number of reboots etc. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3RemediationTemplate + listKind: Metal3RemediationTemplateList + plural: metal3remediationtemplates + shortNames: + - m3rt + - m3remediationtemplate + - m3remediationtemplates + - metal3rt + - metal3remediationtemplate + singular: metal3remediationtemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3RemediationTemplate is the Schema for the metal3remediationtemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3RemediationTemplateSpec defines the desired state of + Metal3RemediationTemplate. + properties: + template: + description: Metal3RemediationTemplateResource describes the data + needed to create a Metal3Remediation from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the Metal3Remediation. + properties: + strategy: + description: Strategy field defines remediation strategy. + properties: + retryLimit: + description: Sets maximum number of remediation retries. + type: integer + timeout: + description: Sets the timeout between remediation retries. + type: string + type: + description: Type of remediation. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: Metal3RemediationTemplateStatus defines the observed state + of Metal3RemediationTemplate. + properties: + status: + description: Metal3RemediationStatus defines the observed state of + Metal3Remediation + properties: + lastRemediated: + description: LastRemediated identifies when the host was last + remediated + format: date-time + type: string + phase: + description: Phase represents the current phase of machine remediation. + E.g. Pending, Running, Done etc. + type: string + retryCount: + description: RetryCount can be used as a counter during the remediation. + Field can hold number of reboots etc. 
+ type: integer + type: object + required: + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager + namespace: capm3-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-leader-election-role + namespace: capm3-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-leader-election-role + namespace: capm3-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch + - apiGroups: + 
- cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - cluster.x-k8s.io + resources: + - kubeadmcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3dataclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3dataclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datas/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datatemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datatemplates/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machines 
+ verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machines/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machinetemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3remediations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3remediations/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + verbs: + - get + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddresses + verbs: + - get + - list + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddresses/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + verbs: + - get + - list + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims/status + verbs: + - get + - watch + - apiGroups: + - metal3.io + resources: + - baremetalhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - metal3.io + resources: + - baremetalhosts/status + verbs: + - get + - patch + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-manager-role + rules: + - apiGroups: + - "" 
+ resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ippools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ippools/status + verbs: + - get + - patch + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-leader-election-rolebinding + namespace: capm3-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capm3-leader-election-role + subjects: + - kind: ServiceAccount + name: capm3-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-leader-election-rolebinding + namespace: capm3-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
ipam-leader-election-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capm3-manager-role + subjects: + - kind: ServiceAccount + name: capm3-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ipam-manager-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: capm3-system + --- + apiVersion: v1 + data: + CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'} + kind: ConfigMap + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-capm3fasttrack-configmap + namespace: capm3-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-webhook-service + namespace: capm3-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-metal3 + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-webhook-service + namespace: capm3-system + spec: + ports: + - port: 443 + targetPort: ipam-webhook + selector: + cluster.x-k8s.io/provider: infrastructure-metal3 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: capm3-controller-manager + namespace: capm3-system + spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-metal3 + 
control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --enableBMHNameBasedPreallocation=${enableBMHNameBasedPreallocation:=false} + - --diagnostics-address=${CAPM3_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPM3_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: capm3-capm3fasttrack-configmap + image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capm3-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capm3-webhook-service-cert + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: ipam-controller-manager + namespace: capm3-system + spec: + selector: + matchLabels: + 
cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/metal3-io/ip-address-manager:v1.7.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: ipam-webhook + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: ipam-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-serving-cert + namespace: capm3-system + spec: + dnsNames: + - capm3-webhook-service.capm3-system.svc + - capm3-webhook-service.capm3-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capm3-selfsigned-issuer + secretName: 
capm3-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-serving-cert + namespace: capm3-system + spec: + dnsNames: + - ipam-webhook-service.capm3-system.svc + - ipam-webhook-service.capm3-system.svc.cluster.local + issuerRef: + kind: Issuer + name: ipam-selfsigned-issuer + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-selfsigned-issuer + namespace: capm3-system + spec: + selfSigned: {} + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-selfsigned-issuer + namespace: capm3-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - 
v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3remediation.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediations + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3remediationtemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediationtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /mutate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: 
/mutate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /mutate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None + - 
admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: 
None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3remediation.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediations + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3remediationtemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediationtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /validate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /validate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + 
name: validation.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /validate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v1.7.1 + namespace: capm3-system + labels: + provider-components: metal3 diff --git a/charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-bootstrap.yaml b/charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-bootstrap.yaml new file mode 100644 index 00000000..b1d77f24 --- /dev/null +++ b/charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-bootstrap.yaml 
@@ -0,0 +1,2751 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-system +--- +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2configs.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + kind: RKE2Config + listKind: RKE2ConfigList + plural: rke2configs + singular: rke2config + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2Config is the Schema for the rke2configs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ConfigSpec defines the desired state of RKE2Config. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. 
+ type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. 
+ items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. 
+ enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. 
+ items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + type: object + status: + description: RKE2ConfigStatus defines the observed state of RKE2Config. + properties: + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2Config is the Schema for the rke2configs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ConfigSpec defines the desired state of RKE2Config. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. 
+ properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. 
+ if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. 
+ items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. 
+ type: object + type: object + type: object + status: + description: RKE2ConfigStatus defines the observed state of RKE2Config. + properties: + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. 
+ type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2configtemplates.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + group: bootstrap.cluster.x-k8s.io + names: + kind: RKE2ConfigTemplate + listKind: RKE2ConfigTemplateList + plural: rke2configtemplates + singular: rke2configtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec details the RKE2ConfigTemplate specification. + properties: + template: + description: "Template references a RKE2ConfigTemplate, which is used + to include an RKE2ConfigSpec struct.\n\tThis is used to include + a desired RKE2ConfigSpec configuration when an RKE2Config resource + is generated by a MachineDeployment resource." + properties: + spec: + description: Spec is the RKE2ConfigSpec that should be used for + the template. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. 
+ items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. + type: object + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec details the RKE2ConfigTemplate specification. + properties: + template: + description: "Template references a RKE2ConfigTemplate, which is used + to include an RKE2ConfigSpec struct.\n\tThis is used to include + a desired RKE2ConfigSpec configuration when an RKE2Config resource + is generated by a MachineDeployment resource." + properties: + spec: + description: Spec is the RKE2ConfigSpec that should be used for + the template. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. 
+ Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. 
+ type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. 
+ type: object + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-leader-election-role + namespace: rke2-bootstrap-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + - rke2configs/finalizers + - rke2configs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes + - 
rke2controlplanes/status + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-leader-election-rolebinding + namespace: rke2-bootstrap-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rke2-bootstrap-leader-election-role + subjects: + - kind: ServiceAccount + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rke2-bootstrap-manager-role + subjects: + - kind: ServiceAccount + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-rke2 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-controller-manager + namespace: rke2-bootstrap-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.0 + 
imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: rke2-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: rke2-bootstrap-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-serving-cert + namespace: rke2-bootstrap-system + spec: + dnsNames: + - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc + - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc.cluster.local + issuerRef: + kind: Issuer + name: rke2-bootstrap-selfsigned-issuer + secretName: rke2-bootstrap-webhook-service-cert + subject: + organizations: + - Rancher by SUSE + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-selfsigned-issuer + namespace: rke2-bootstrap-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: 
rke2-bootstrap-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: mrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate + failurePolicy: Fail + name: mrke2configtemplate.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: vrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate + failurePolicy: Fail + name: vrke2configtemplate.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + 
operations: + - CREATE + - UPDATE + resources: + - rke2configtemplates + sideEffects: None + metadata: | + # maps release series of major.minor to cluster-api contract version + # the contract version may change between minor or major versions, but *not* + # between patch versions. + # + # update this file only when a new major or minor version is released + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 + - major: 0 + minor: 7 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.7.0 + namespace: rke2-bootstrap-system + labels: + provider-components: rke2-bootstrap diff --git a/charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-control-plane.yaml b/charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-control-plane.yaml new file mode 100644 index 00000000..3dc9fcbc --- /dev/null +++ b/charts/rancher-turtles-airgap-resources/0.3.2/templates/airgap-cm-rke2-control-plane.yaml 
@@ -0,0 +1,4508 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-system +--- +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2controlplanes.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + kind: RKE2ControlPlane + listKind: RKE2ControlPlaneList + plural: rke2controlplanes + singular: rke2controlplane + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ControlPlane is the Schema for the rke2controlplanes API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. 
+ type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. 
+ items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. 
+ enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + default: internal-first + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + type: string + replicas: + description: Replicas is the number of replicas for the Control Plane. + format: int32 + type: integer + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. 
+ properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver uses + to advertise to members of the cluster (default: node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines the + audit policy configuration. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address (default: + 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom configuration + of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS service. + Should be in your service-cidr range (default: 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name (default: + "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components and + RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an enum field + that can take one of the following values: scheduler, + kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin Components + to be disabled. 
+ enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to retain + Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible Object + Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location (optional) + (default: "us-east-1").' + type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + - s3CredentialSecret + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time in cron + spec. eg. every 5 hours ''* */5 * * *'' (default: "0 + */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of etcd snapshots. + Default: etcd-snapshot- (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings for + ETCD. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component + command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to + be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for the + Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom configuration + of the Kube Controller Manager. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to reserve + for services with NodePort visibility (default: "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a Subject + Alternative Name in the TLS cert. 
+ items: + type: string + type: array + type: object + required: + - infrastructureRef + type: object + status: + description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ControlPlane is the Schema for the rke2controlplanes API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. 
+ Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. 
+ type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + machineTemplate: + description: |- + MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + required: + - infrastructureRef + type: object + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + - control-plane-endpoint + - "" + type: string + replicas: + description: Replicas is the number of replicas for the Control Plane. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. 
+ properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver uses + to advertise to members of the cluster (default: node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines the + audit policy configuration. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address (default: + 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom configuration + of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS service. + Should be in your service-cidr range (default: 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name (default: + "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components and + RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an enum field + that can take one of the following values: scheduler, + kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin Components + to be disabled. 
+ enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to retain + Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible Object + Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location (optional) + (default: "us-east-1").' + type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + - s3CredentialSecret + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time in cron + spec. eg. every 5 hours ''* */5 * * *'' (default: "0 + */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of etcd snapshots. + Default: etcd-snapshot- (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings for + ETCD. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component + command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to + be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for the + Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom configuration + of the Kube Controller Manager. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to reserve + for services with NodePort visibility (default: "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a Subject + Alternative Name in the TLS cert. 
+ items: + type: string + type: array + type: object + version: + description: |- + Version defines the desired Kubernetes version. + This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). + pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ + type: string + required: + - infrastructureRef + - rolloutStrategy + type: object + status: + description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + version: + description: |- + Version represents the minimum Kubernetes version for the control plane machines + in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: RKE2ControlPlaneTemplate + listKind: RKE2ControlPlaneTemplateList + plural: rke2controlplanetemplates + shortNames: + - rke2ct + singular: rke2controlplanetemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneTemplateSpec defines the desired state of + RKE2ControlPlaneTemplate. + type: object + status: + description: RKE2ControlPlaneTemplateStatus defines the observed state + of RKE2ControlPlaneTemplate. + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the control plane specification for the template + resource. + properties: + template: + description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate. + properties: + spec: + description: Spec is the specification of the desired behavior + of the control plane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. 
+ properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. 
+ if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + machineTemplate: + description: |- + MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + required: + - infrastructureRef + type: object + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. 
+ type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + - control-plane-endpoint + - "" + type: string + replicas: + description: Replicas is the number of replicas for the Control + Plane. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the + agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver + uses to advertise to members of the cluster (default: + node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines + the audit policy configuration. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address + (default: 0.0.0.0).' 
+ type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom + configuration of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS + service. Should be in your service-cidr range (default: + 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name + (default: "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components + and RKE2 plugin components that will be disabled. 
+ properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an + enum field that can take one of the following + values: scheduler, kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin + Components to be disabled. + enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration + of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to + retain Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible + Object Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: + "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location + (optional) (default: "us-east-1").' 
+ type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + - s3CredentialSecret + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time + in cron spec. eg. every 5 hours ''* */5 * * + *'' (default: "0 */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of + etcd snapshots. Default: etcd-snapshot- + (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings + for ETCD. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a + Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment + variables to pass on to a Kubernetes Component + command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one + for the Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom + configuration of the Kube Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to + reserve for services with NodePort visibility (default: + "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a + Subject Alternative Name in the TLS cert. + items: + type: string + type: array + type: object + version: + description: |- + Version defines the desired Kubernetes version. + This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). + pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ + type: string + required: + - infrastructureRef + - rolloutStrategy + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: Status is the current state of the control plane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. 
+ format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + version: + description: |- + Version represents the minimum Kubernetes version for the control plane machines + in the cluster. + type: string + type: object + type: object + served: true + storage: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-leader-election-role + namespace: rke2-control-plane-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + aggregationRule: + clusterRoleSelectors: + - matchLabels: + rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-aggregated-manager-role + rules: [] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-rke2 + rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: rke2-control-plane-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes/finalizers + verbs: + - update + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-leader-election-rolebinding + namespace: rke2-control-plane-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rke2-control-plane-leader-election-role + subjects: + - kind: ServiceAccount + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rke2-control-plane-aggregated-manager-role + subjects: + - kind: ServiceAccount + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-rke2 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-controller-manager + namespace: rke2-control-plane-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + 
readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: rke2-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: rke2-control-plane-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-serving-cert + namespace: rke2-control-plane-system + spec: + dnsNames: + - rke2-control-plane-webhook-service.rke2-control-plane-system.svc + - rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: rke2-control-plane-selfsigned-issuer + secretName: rke2-control-plane-webhook-service-cert + subject: + organizations: + - Rancher by SUSE + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-selfsigned-issuer + namespace: rke2-control-plane-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane + failurePolicy: Fail + name: mrke2controlplane.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanes + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate + failurePolicy: Fail + name: mrke2controlplanetemplate.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanetemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane + failurePolicy: Fail + name: vrke2controlplane.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanes + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate + failurePolicy: Fail + name: vrke2controlplanetemplate.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - 
v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanetemplates + sideEffects: None + metadata: | + # maps release series of major.minor to cluster-api contract version + # the contract version may change between minor or major versions, but *not* + # between patch versions. + # + # update this file only when a new major or minor version is released + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 + - major: 0 + minor: 7 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.7.0 + namespace: rke2-control-plane-system + labels: + provider-components: rke2-control-plane diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/Chart.lock b/charts/rancher-turtles/0.3.2+up0.11.0/Chart.lock new file mode 100644 index 00000000..5be7ba64 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: cluster-api-operator + repository: https://kubernetes-sigs.github.io/cluster-api-operator + version: 0.12.0 +digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526 +generated: "2024-08-22T14:23:18.589443298Z" diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/Chart.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/Chart.yaml new file mode 100644 index 00000000..8249c3fd --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/Chart.yaml 
@@ -0,0 +1,30 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: rancher-turtles-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.9.0-1'
+ catalog.cattle.io/release-name: rancher-turtles
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+apiVersion: v2
+appVersion: 0.11.0
+dependencies:
+- condition: cluster-api-operator.enabled
+ name: cluster-api-operator
+ repository: file://./charts/cluster-api-operator
+ version: 0.12.0
+description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+ integration to Rancher.
+home: https://github.com/rancher/turtles/
+icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
+keywords:
+- rancher
+- cluster-api
+- capi
+- provisioning
+name: rancher-turtles
+type: application
+version: 0.3.2+up0.11.0
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/README.md b/charts/rancher-turtles/0.3.2+up0.11.0/README.md
new file mode 100644
index 00000000..5d7463e4
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/README.md
@@ -0,0 +1,5 @@
+# Rancher Turtles Chart
+
+This chart installs the Rancher Turtles operator and optionally the Cluster API Operator using Helm.
+
+Checkout the [documentation](https://turtles.docs.rancher.com) for further information.
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/RELEASE_NOTES.md b/charts/rancher-turtles/0.3.2+up0.11.0/RELEASE_NOTES.md
new file mode 100644
index 00000000..9ac04fe3
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/RELEASE_NOTES.md
@@ -0,0 +1,6 @@
+## Changes since test/v0.11.0
+---
+## :chart_with_upwards_trend: Overview
+
+
+_Thanks to all our contributors!_ 😊
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/app-readme.md b/charts/rancher-turtles/0.3.2+up0.11.0/app-readme.md
new file mode 100644
index 00000000..cfb4b629
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/app-readme.md
@@ -0,0 +1,5 @@
+# Rancher Turtles - The Cluster API Extension for Rancher
+
+Rancher Turtles brings enhanced integration of Cluster API with Rancher.
+
+For more information, including a getting started guide, see the [official documentation](https://turtles.docs.rancher.com).
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/.helmignore b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/Chart.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/Chart.yaml
new file mode 100644
index 00000000..0ab286cb
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.12.0
+description: Cluster API Operator
+name: cluster-api-operator
+type: application
+version: 0.12.0
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/_helpers.tpl b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/_helpers.tpl
new file mode 100644
index 00000000..a4c8b733
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/_helpers.tpl
@@ -0,0 +1,24 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "capi-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "capi-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/addon.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/addon.yaml
new file mode 100644
index 00000000..9095368c
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/addon.yaml
@@ -0,0 +1,56 @@
+# Addon provider
+{{- if .Values.addon }}
+{{- $addons := split ";" .Values.addon }}
+{{- $addonNamespace := "" }}
+{{- $addonName := "" }}
+{{- $addonVersion := "" }}
+{{- range $addon := $addons }}
+{{- $addonArgs := split ":" $addon }}
+{{- $addonArgsLen := len $addonArgs }}
+{{- if eq $addonArgsLen 3 }}
+ {{- $addonNamespace = $addonArgs._0 }}
+ {{- $addonName = $addonArgs._1 }}
+ {{- $addonVersion = $addonArgs._2 }}
+{{- else if eq $addonArgsLen 2 }}
+ {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
+ {{- $addonName = $addonArgs._0 }}
+ {{- $addonVersion = $addonArgs._1 }}
+{{- else if eq $addonArgsLen 1 }}
+ {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
+ {{- $addonName = $addonArgs._0 }}
+{{- else }}
+ {{- fail "addon provider argument should have the following format helm:v1.0.0 or mynamespace:helm:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: {{ $addonNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: AddonProvider
+metadata:
+ name: {{ $addonName }}
+ namespace: {{ $addonNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $addonVersion $.Values.secretName }}
+spec:
+{{- end}}
+{{- if $addonVersion }}
+ version: {{ $addonVersion }}
+{{- end }}
+{{- if $.Values.secretName }}
+ secretName: {{ $.Values.secretName }}
+{{- end }}
+{{- if $.Values.secretNamespace }}
+ secretNamespace: {{ $.Values.secretNamespace }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/bootstrap.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/bootstrap.yaml
new file mode 100644
index 00000000..a1634ee8
--- /dev/null
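Review bot: `$addonVersion` is declared before the `range` and is only assigned in the two- and three-part branches, so an entry that gives a name only and follows a versioned entry keeps the previous entry's version and pins that provider to a release nobody asked for. Reset it at the top of each iteration, e.g. `{{- $addonVersion = "" }}` directly after `{{- range $addon := $addons }}`. bootstrap.yaml, control-plane.yaml and infra.yaml use the same declare-outside, assign-inside pattern and need the same reset. Separately, `secretNamespace` sits outside the `or` that prints `spec:`, so setting it on its own renders the key without a `spec:` parent.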
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -0,0 +1,55 @@
+# Bootstrap provider
+{{- if .Values.bootstrap }}
+{{- $bootstraps := split ";" .Values.bootstrap }}
+{{- $bootstrapNamespace := "" }}
+{{- $bootstrapName := "" }}
+{{- $bootstrapVersion := "" }}
+{{- range $bootstrap := $bootstraps }}
+{{- $bootstrapArgs := split ":" $bootstrap }}
+{{- $bootstrapArgsLen := len $bootstrapArgs }}
+{{- if eq $bootstrapArgsLen 3 }}
+ {{- $bootstrapNamespace = $bootstrapArgs._0 }}
+ {{- $bootstrapName = $bootstrapArgs._1 }}
+ {{- $bootstrapVersion = $bootstrapArgs._2 }}
+{{- else if eq $bootstrapArgsLen 2 }}
+ {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
+ {{- $bootstrapName = $bootstrapArgs._0 }}
+ {{- $bootstrapVersion = $bootstrapArgs._1 }}
+{{- else if eq $bootstrapArgsLen 1 }}
+ {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
+ {{- $bootstrapName = $bootstrapArgs._0 }}
+{{- else }}
+ {{- fail "bootstrap provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: {{ $bootstrapNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: BootstrapProvider
+metadata:
+ name: {{ $bootstrapName }}
+ namespace: {{ $bootstrapNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+{{- if or $bootstrapVersion $.Values.configSecret.name }}
+spec:
+{{- end}}
+{{- if $bootstrapVersion }}
+ version: {{ $bootstrapVersion }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
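Review bot: The values cut out of `.Values.bootstrap` are written into the manifests unquoted (`name: {{ $bootstrapNamespace }}`, `version: {{ $bootstrapVersion }}`), so a version such as `1.10` is re-typed as a float, an all-digit name becomes an integer, and anything after a ` #` is dropped as a comment. Quote the templated scalars, e.g. `version: {{ $bootstrapVersion | quote }}` and `name: {{ $bootstrapNamespace | quote }}`, and do the same for the `configSecret` name and namespace. addon.yaml, control-plane.yaml, core.yaml and infra.yaml emit their parsed values the same way.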
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/control-plane.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/control-plane.yaml
new file mode 100644
index 00000000..b7cec76d
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/control-plane.yaml
@@ -0,0 +1,55 @@
+# Control plane provider
+{{- if .Values.controlPlane }}
+{{- $controlPlanes := split ";" .Values.controlPlane }}
+{{- $controlPlaneNamespace := "" }}
+{{- $controlPlaneName := "" }}
+{{- $controlPlaneVersion := "" }}
+{{- range $controlPlane := $controlPlanes }}
+{{- $controlPlaneArgs := split ":" $controlPlane }}
+{{- $controlPlaneArgsLen := len $controlPlaneArgs }}
+{{- if eq $controlPlaneArgsLen 3 }}
+ {{- $controlPlaneNamespace = $controlPlaneArgs._0 }}
+ {{- $controlPlaneName = $controlPlaneArgs._1 }}
+ {{- $controlPlaneVersion = $controlPlaneArgs._2 }}
+{{- else if eq $controlPlaneArgsLen 2 }}
+ {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
+ {{- $controlPlaneName = $controlPlaneArgs._0 }}
+ {{- $controlPlaneVersion = $controlPlaneArgs._1 }}
+{{- else if eq $controlPlaneArgsLen 1 }}
+ {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
+ {{- $controlPlaneName = $controlPlaneArgs._0 }}
+{{- else }}
+ {{- fail "controlplane provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: {{ $controlPlaneNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: ControlPlaneProvider
+metadata:
+ name: {{ $controlPlaneName }}
+ namespace: {{ $controlPlaneNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+{{- if or $controlPlaneVersion $.Values.configSecret.name }}
+spec:
+{{- end}}
+{{- if $controlPlaneVersion }}
+ version: {{ $controlPlaneVersion }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core-conditions.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core-conditions.yaml
new file mode 100644
index 00000000..7bba5953
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core-conditions.yaml
@@ -0,0 +1,31 @@
+{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }}
+# Deploy core components if not specified
+{{- if not .Values.core }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: capi-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: CoreProvider
+metadata:
+ name: cluster-api
+ namespace: capi-system
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+{{- with .Values.configSecret }}
+spec:
+ configSecret:
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core.yaml
new file mode 100644
index 00000000..013a2ef0
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/core.yaml
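Review bot: `{{- with .Values.configSecret }}` is true for any non-empty map, so if the chart's values define `configSecret` with an empty `name` (values.yaml is not part of this hunk, so this is inferred) the default CoreProvider is rendered with `spec.configSecret.name` set to null. core.yaml and the per-provider templates guard on the name itself; `{{- if .Values.configSecret.name }}` with `{{ .Values.configSecret.name }}` inside would make this file agree with them. infra-conditions.yaml uses the same `with` guard in both of its provider blocks.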
@@ -0,0 +1,63 @@
+# Core provider
+{{- if .Values.core }}
+{{- $coreArgs := split ":" .Values.core }}
+{{- $coreArgsLen := len $coreArgs }}
+{{- $coreVersion := "" }}
+{{- $coreNamespace := "" }}
+{{- $coreName := "" }}
+{{- $coreVersion := "" }}
+{{- if eq $coreArgsLen 3 }}
+ {{- $coreNamespace = $coreArgs._0 }}
+ {{- $coreName = $coreArgs._1 }}
+ {{- $coreVersion = $coreArgs._2 }}
+{{- else if eq $coreArgsLen 2 }}
+ {{- $coreNamespace = "capi-system" }}
+ {{- $coreName = $coreArgs._0 }}
+ {{- $coreVersion = $coreArgs._1 }}
+{{- else if eq $coreArgsLen 1 }}
+ {{- $coreNamespace = "capi-system" }}
+ {{- $coreName = $coreArgs._0 }}
+{{- else }}
+ {{- fail "core provider argument should have the following format cluster-api:v1.0.0 or mynamespace:cluster-api:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: {{ $coreNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: CoreProvider
+metadata:
+ name: {{ $coreName }}
+ namespace: {{ $coreNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $coreVersion $.Values.configSecret.name }}
+spec:
+{{- end}}
+{{- if $coreVersion }}
+ version: {{ $coreVersion }}
+{{- end }}
+{{- if $.Values.manager }}
+ manager:
+{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
+ featureGates:
+ {{- range $key, $value := $.Values.manager.featureGates.core }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
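Review bot: `manager:` is emitted whenever `$.Values.manager` is set, but the guard that prints `spec:` only tests `$coreVersion` and `$.Values.configSecret.name`, so with neither of those set `manager:` and its `featureGates:` are rendered without a `spec:` parent. infra.yaml already includes the manager value in its guard; the equivalent here is `{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}`. When `manager` is set without `featureGates.core` the key is still printed with no children, so testing `featureGates.core` before printing `manager:` would be cleaner. `$coreVersion` is also declared twice with `:=`; the second declaration can go.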
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/deployment.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/deployment.yaml
new file mode 100644
index 00000000..312693ea
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/deployment.yaml
@@ -0,0 +1,146 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "capi-operator.fullname" . }}
+ namespace: '{{ .Release.Namespace }}'
+ labels:
+ app: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/name: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ control-plane: controller-manager
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ {{- with .Values.deploymentLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ control-plane: controller-manager
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ {{- with .Values.strategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/name: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ control-plane: controller-manager
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: capi-operator-manager
+ automountServiceAccountToken: true
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - args:
+ {{- if .Values.logLevel }}
+ - --v={{ .Values.logLevel }}
+ {{- end }}
+ {{- if .Values.healthAddr }}
+ - --health-addr={{ .Values.healthAddr }}
+ {{- end }}
+ {{- if .Values.metricsBindAddr }}
+ - --metrics-bind-addr={{ .Values.metricsBindAddr }}
+ {{- end }}
+ {{- if .Values.diagnosticsAddress }}
+ - --diagnostics-address={{ .Values.diagnosticsAddress }}
+ {{- end }}
+ {{- if .Values.insecureDiagnostics }}
+ - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
+ {{- end }}
+ {{- with .Values.leaderElection }}
+ - --leader-elect={{ .enabled }}
+ {{- if .leaseDuration }}
+ - --leader-elect-lease-duration={{ .leaseDuration }}
+ {{- end }}
+ {{- if .renewDeadline }}
+ - --leader-elect-renew-deadline={{ .renewDeadline }}
+ {{- end }}
+ {{- if .retryPeriod }}
+ - --leader-elect-retry-period={{ .retryPeriod }}
+ {{- end }}
+ {{- end }}
+ command:
+ - /manager
+ {{- with .Values.image.manager }}
+ image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.manager.pullPolicy }}
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }}
+ name: metrics
+ protocol: TCP
+ {{- with .Values.resources.manager }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.env.manager }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.containerSecurityContext.manager }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumeMounts.manager }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 10
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podDnsPolicy }}
+ dnsPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.podDnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra-conditions.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra-conditions.yaml
new file mode 100644
index 00000000..3c3a8a75
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra-conditions.yaml
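Review bot: The metrics `containerPort` is always computed from `$.Values.metricsBindAddr`, while the `--metrics-bind-addr` argument above it is only added when that value is set. With `metricsBindAddr` empty, for instance when only `diagnosticsAddress` is configured, `(split ":" ...)._1 | int` should evaluate to 0, which is not a valid container port, and a bracketed IPv6 bind address would be split at the wrong colon. Wrap the port entry in the same condition, `{{- if .Values.metricsBindAddr }}` before `- containerPort:` and `{{- end }}` after its `protocol: TCP`, or derive the port from whichever of the two addresses is set.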
@@ -0,0 +1,64 @@
+{{- if .Values.infrastructure }}
+
+# Deploy bootstrap, and infrastructure components if not specified
+{{- if not .Values.bootstrap }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: capi-kubeadm-bootstrap-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: BootstrapProvider
+metadata:
+ name: kubeadm
+ namespace: capi-kubeadm-bootstrap-system
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- with .Values.configSecret }}
+spec:
+ configSecret:
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.controlPlane }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: capi-kubeadm-control-plane-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: ControlPlaneProvider
+metadata:
+ name: kubeadm
+ namespace: capi-kubeadm-control-plane-system
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- with .Values.configSecret }}
+spec:
+ configSecret:
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra.yaml
new file mode 100644
index 00000000..842123f5
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/infra.yaml
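Review bot: The comment `# Deploy bootstrap, and infrastructure components if not specified` does not describe what the file does: the two blocks below it create the kubeadm BootstrapProvider and ControlPlaneProvider, and no infrastructure provider. Because setting `infrastructure` alone installs these two extra providers into the cluster, the comment should say so, e.g. `# Deploy the kubeadm bootstrap and control plane providers when none are specified`.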
@@ -0,0 +1,84 @@
+{{- define "recursivePrinter" }}
+{{- range $key, $value := . }}
+{{- if kindIs "map" $value }}
+ {{ $key }}:
+ {{- include "recursivePrinter" $value | indent 2 }}
+{{- else }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
+# Infrastructure providers
+{{- if .Values.infrastructure }}
+{{- $infrastructures := split ";" .Values.infrastructure }}
+{{- $infrastructureNamespace := "" }}
+{{- $infrastructureName := "" }}
+{{- $infrastructureVersion := "" }}
+{{- range $infrastructure := $infrastructures }}
+{{- $infrastructureArgs := split ":" $infrastructure }}
+{{- $infrastructureArgsLen := len $infrastructureArgs }}
+{{- if eq $infrastructureArgsLen 3 }}
+ {{- $infrastructureNamespace = $infrastructureArgs._0 }}
+ {{- $infrastructureName = $infrastructureArgs._1 }}
+ {{- $infrastructureVersion = $infrastructureArgs._2 }}
+{{- else if eq $infrastructureArgsLen 2 }}
+ {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
+ {{- $infrastructureName = $infrastructureArgs._0 }}
+ {{- $infrastructureVersion = $infrastructureArgs._1 }}
+{{- else if eq $infrastructureArgsLen 1 }}
+ {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
+ {{- $infrastructureName = $infrastructureArgs._0 }}
+{{- else }}
+ {{- fail "infrastructure provider argument should have the following format aws:v1.0.0 or mynamespace:aws:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: {{ $infrastructureNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: InfrastructureProvider
+metadata:
+ name: {{ $infrastructureName }}
+ namespace: {{ $infrastructureNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
+spec:
+{{- end }}
+{{- if $infrastructureVersion }}
+ version: {{ $infrastructureVersion }}
+{{- end }}
+{{- if $.Values.manager }}
+ manager:
+{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
+{{- range $key, $value := $.Values.manager.featureGates }}
+ {{- if eq $key $infrastructureName }}
+ featureGates:
+ {{- range $k, $v := $value }}
+ {{ $k }}: {{ $v }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- if $.Values.additionalDeployments }}
+ additionalDeployments:
+ {{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/operator-components.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/operator-components.yaml
new file mode 100644
index 00000000..c5ccd2e7
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/templates/operator-components.yaml
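Review bot: `recursivePrinter` only recurses into maps and prints every other value with `{{ $key }}: {{ $value }}`, so a list under `additionalDeployments` is written in Go's `[a b]` form and strings are emitted unquoted. The CRD schema added in this commit gives each `additionalDeployments` entry nested deployment settings that include arrays, so list values are to be expected (inferred from the schema; values.yaml is not in this hunk). Rendering the value with `{{- toYaml $.Values.additionalDeployments | nindent 4 }}`, the way deployment.yaml renders its maps, would replace the hand-rolled printer; the indent has to match the depth of the `additionalDeployments:` key.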
@@ -0,0 +1,27887 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: addonproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: AddonProvider + listKind: AddonProviderList + plural: addonproviders + shortNames: + - caap + singular: addonprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: AddonProvider is the Schema for the addonproviders API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AddonProviderSpec defines the desired state of AddonProvider. 
+ properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. 
+ type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: AddonProviderStatus defines the observed state of AddonProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. 
+ type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: bootstrapproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: BootstrapProvider + listKind: BootstrapProviderList + plural: bootstrapproviders + shortNames: + - cabp + singular: bootstrapprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + BootstrapProvider is the Schema for the bootstrapproviders API. + + + Deprecated: This type will be removed in one of the next releases. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BootstrapProviderSpec defines the desired state of BootstrapProvider. + properties: + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. 
+ properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. 
+ For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. 
+ type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. 
This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains the controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. 
+ type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: |- + SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. 
+ type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. + type: string + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: BootstrapProviderStatus defines the observed state of BootstrapProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: BootstrapProvider is the Schema for the bootstrapproviders API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BootstrapProviderSpec defines the desired state of BootstrapProvider. 
+ properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. 
+ type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: BootstrapProviderStatus defines the observed state of BootstrapProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. 
+ type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: controlplaneproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: ControlPlaneProvider + listKind: ControlPlaneProviderList + plural: controlplaneproviders + shortNames: + - cacpp + singular: controlplaneprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ControlPlaneProvider is the Schema for the controlplaneproviders API. + + + Deprecated: This type will be removed in one of the next releases. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. + properties: + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. 
+ properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. 
+ For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. 
+ type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. 
This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains the controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. 
+ type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: |- + SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. 
+ type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. + type: string + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: ControlPlaneProviderStatus defines the observed state of + ControlPlaneProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: ControlPlaneProvider is the Schema for the controlplaneproviders + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. 
+ properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. 
+ type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: ControlPlaneProviderStatus defines the observed state of + ControlPlaneProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. 
+ type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: coreproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: CoreProvider + listKind: CoreProviderList + plural: coreproviders + shortNames: + - cacp + singular: coreprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + CoreProvider is the Schema for the coreproviders API. + + + Deprecated: This type will be removed in one of the next releases. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CoreProviderSpec defines the desired state of CoreProvider. + properties: + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. 
+ properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. 
+ For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. 
+ type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. 
This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains the controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. 
+ type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: |- + SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. 
+ type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. + type: string + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: CoreProviderStatus defines the observed state of CoreProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: CoreProvider is the Schema for the coreproviders API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CoreProviderSpec defines the desired state of CoreProvider. + properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. 
+ properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. 
+ The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. 
+ type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. 
This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). 
+ Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. 
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. + type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. 
It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. 
+ Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. 
+ + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. 
+ type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. 
+ It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. 
+ The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: CoreProviderStatus defines the observed state of CoreProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: infrastructureproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: InfrastructureProvider + listKind: InfrastructureProviderList + plural: infrastructureproviders + shortNames: + - caip + singular: infrastructureprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + InfrastructureProvider is the Schema for the infrastructureproviders API. + + + Deprecated: This type will be removed in one of the next releases. 
+ properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. + properties: + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. 
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. 
+ type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). 
For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. 
+ type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. 
+ type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains the controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. 
+ minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: |- + SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. + type: string + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: InfrastructureProviderStatus defines the observed state of + InfrastructureProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: InfrastructureProvider is the Schema for the infrastructureproviders + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. + properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. 
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. 
+ type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. 
This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). 
+ Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. 
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. + type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. 
It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. 
+ Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. 
+ + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. 
+ type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. 
+ It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. 
+ The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: InfrastructureProviderStatus defines the observed state of + InfrastructureProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: ipamproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: IPAMProvider + listKind: IPAMProviderList + plural: ipamproviders + shortNames: + - caipamp + singular: ipamprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: IPAMProvider is the Schema for the IPAMProviders API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPAMProviderSpec defines the desired state of IPAMProvider. + properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. 
+ type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: IPAMProviderStatus defines the observed state of IPAMProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. 
+ type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: runtimeextensionproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: RuntimeExtensionProvider + listKind: RuntimeExtensionProviderList + plural: runtimeextensionproviders + shortNames: + - carep + singular: runtimeextensionprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: RuntimeExtensionProvider is the Schema for the RuntimeExtensionProviders + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RuntimeExtensionProviderSpec defines the desired state of + RuntimeExtensionProvider. + properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. 
+ type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: RuntimeExtensionProviderStatus defines the observed state + of RuntimeExtensionProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. 
+ type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-manager + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-leader-election-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-leader-election-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-operator-manager + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-operator-manager-role +subjects: +- kind: ServiceAccount + name: capi-operator-manager + namespace: 
'{{ .Release.Namespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + clusterctl.cluster.x-k8s.io/core: capi-operator + control-plane: controller-manager +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-serving-cert + namespace: '{{ .Release.Namespace }}' +spec: + dnsNames: + - capi-operator-webhook-service.{{ .Release.Namespace }}.svc + - capi-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-operator-selfsigned-issuer + secretName: capi-operator-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-selfsigned-issuer + namespace: '{{ .Release.Namespace }}' +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-addonprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vaddonprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - addonproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace 
}}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vbootstrapprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - bootstrapproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vcontrolplaneprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - controlplaneproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-coreprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vcoreprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - coreproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vinfrastructureprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - infrastructureproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider + failurePolicy: 
Fail + matchPolicy: Equivalent + name: vipamprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - ipamproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vruntimeextensionprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - runtimeextensionproviders + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: capi-operator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-addonprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vaddonprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - addonproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vbootstrapprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - bootstrapproviders + sideEffects: None +- 
admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vcontrolplaneprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - controlplaneproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-coreprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vcoreprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - coreproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vinfrastructureprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - infrastructureproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vipamprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - ipamproviders + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vruntimeextensionprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - runtimeextensionproviders + sideEffects: None diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/values.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/values.yaml new file mode 100644 index 00000000..b5f58efd --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/charts/cluster-api-operator/values.yaml 
@@ -0,0 +1,69 @@ +--- +# --- +# Cluster API provider options +core: "" +bootstrap: "" +controlPlane: "" +infrastructure: "" +addon: "" +manager.featureGates: {} +# --- +# Common configuration secret options +configSecret: {} +# --- +# CAPI operator deployment options +logLevel: 2 +replicaCount: 1 +leaderElection: + enabled: true +image: + manager: + repository: registry.k8s.io/capi-operator/cluster-api-operator + tag: v0.12.0 + pullPolicy: IfNotPresent +env: + manager: [] +healthAddr: ":8081" +metricsBindAddr: "127.0.0.1:8080" +diagnosticsAddress: "8443" +insecureDiagnostics: false +imagePullSecrets: {} +resources: + manager: + limits: + cpu: 100m + memory: 150Mi + requests: + cpu: 100m + memory: 100Mi +containerSecurityContext: {} +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - key: kubernetes.io/os + operator: In + values: + - linux +tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane +volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capi-operator-webhook-service-cert +volumeMounts: + manager: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/questions.yml b/charts/rancher-turtles/0.3.2+up0.11.0/questions.yml new file mode 100644 index 00000000..eaa73f83 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/questions.yml 
@@ -0,0 +1,78 @@ +namespace: rancher-turtles-system +questions: +- variable: rancherTurtles.features.default + default: "false" + description: "Customize install settings" + label: Customize install settings + type: boolean + show_subquestion_if: true + group: "Rancher Turtles Extra Settings" + subquestions: + - variable: cluster-api-operator.cert-manager.enabled + default: false + type: boolean + description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually" + label: "Enable Cert Manager" + - variable: rancherTurtles.features.cluster-api-operator.cleanup + default: true + description: "Specify that the CAPI Operator post-delete cleanup job will be performed" + type: boolean + label: Cleanup CAPI Operator installation + group: "CAPI Operator cleanup settings" + show_subquestion_if: true + subquestions: + - variable: rancherTurtles.features.cluster-api-operator.kubectlImage + default: "rancher/kubectl:v1.30.3" + description: "Specify the image to use when cleaning up the Cluster API Operator manifests" + type: string + label: Cleanup Image + group: "CAPI Operator cleanup settings" + - variable: rancherTurtles.features.rancher-webhook.cleanup + default: true + description: "Specify that the Rancher embedded cluster api webhooks should be removed" + type: boolean + label: Cleanup Rancher Embedded CAPI Webhooks + group: "Rancher webhook cleanup settings" + show_subquestion_if: true + subquestions: + - variable: rancherTurtles.features.rancher-webhook.kubectlImage + default: "rancher/kubectl:v1.30.3" + description: "Specify the image to use when cleaning up the webhooks" + type: string + label: Webhook Cleanup Image + group: "Rancher webhook cleanup settings" + - variable: rancherTurtles.features.rancher-kubeconfigs.label + default: false + description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels" + type: 
boolean + label: Label Rancher Kubeconfigs + group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.features.managementv3-cluster.enabled + default: true + description: "Use v3/management cluster manifest for import, instead of v1/provisioning" + type: boolean + label: Use management v3 cluster manifest + group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.features.managementv3-cluster-migration.enabled + default: false + description: "Automatically migrate between provisioning and management clusters on upgrade" + type: boolean + label: All imported clusters will use new cluster manifest, replacing old cluster manifest. + group: "Rancher Turtles Features Settings" + - variable: cluster-api-operator.cluster-api.rke2.enabled + default: "true" + description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled." + label: "Enable RKE2 Provider" + type: boolean + - variable: rancherTurtles.features.propagate-labels.enabled + default: false + description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher" + type: boolean + label: Propagate CAPI Labels + group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.features.addon-provider-fleet.enabled + default: false + description: "Enable Fleet Addon Provider functionality in Rancher Turtles" + type: boolean + label: Seamless integration with Fleet and CAPI + group: "Rancher Turtles Features Settings" diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/addon-provider-fleet.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/addon-provider-fleet.yaml new file mode 100644 index 00000000..211fcd7e --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/addon-provider-fleet.yaml 
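Review bot: In questions.yml both `kubectlImage` defaults are the mutable tag `rancher/kubectl:v1.30.3`, and post-delete-job.yaml in this patch runs the CAPI Operator one under a ServiceAccount bound cluster-wide to delete webhook configurations and deployments. A tag can be re-pointed in the registry, so the hook runs whatever the tag resolves to at the time it fires. Pinning the default by digest closes that gap, e.g. `default: "rancher/kubectl:v1.30.3@sha256:<digest of the reviewed image>"` (a placeholder; the digest is not on this page). The same applies to the Rancher webhook cleanup question, whose job is not shown here.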
@@ -0,0 +1,44 @@ +{{- if index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled" }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: fleet + namespace: '{{ .Values.rancherTurtles.namespace }}' + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +spec: + type: addon + additionalManifests: + name: fleet-addon-config + namespace: '{{ .Values.rancherTurtles.namespace }}' +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-addon-config + namespace: '{{ .Values.rancherTurtles.namespace }}' + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +data: + manifests: |- + apiVersion: addons.cluster.x-k8s.io/v1alpha1 + kind: FleetAddonConfig + metadata: + name: fleet-addon-config + spec: + clusterClass: + patchResource: true + setOwnerReferences: true + cluster: + patchResource: true + setOwnerReferences: true + selector: + matchLabels: + cluster-api.cattle.io/rancher-auto-import: "true" + namespaceSelector: + matchLabels: + cluster-api.cattle.io/rancher-auto-import: "true" +{{- end }} diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/azure-rbac.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/azure-rbac.yaml new file mode 100644 index 00000000..4cd993c7 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/azure-rbac.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: caprke2-azure-aggregated-role + labels: + cluster.x-k8s.io/aggregate-to-capz-manager: "true" +rules: +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + verbs: + - create + - update + - delete + - get + - list + - patch + - watch \ No newline at end of file diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/clusterctl-config.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/clusterctl-config.yaml new file mode 100644 index 00000000..616c4626 
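Review bot: In templates/addon-provider-fleet.yaml the `fleet` CAPIProvider sets only `type: addon` and `additionalManifests`, with no `version`, whereas the `cluster-api` provider in core-provider.yaml takes its version from chart values. Unless the Turtles controller fills the version in from its own configuration, which this page does not show, the release that gets installed is left to the operator's resolution and the same chart version can deploy different controller code over time. I would pin it under `spec`, for example `version: v0.3.1` to match the commented-out fleet entry in clusterctl-config.yaml, or expose it as a chart value.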
--- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/clusterctl-config.yaml @@ -0,0 +1,34 @@ +{{- if index .Values "cluster-api-operator" "enabled" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: clusterctl-config + namespace: '{{ .Values.rancherTurtles.namespace }}' +data: + clusterctl.yaml: | + providers: + # Cluster API core provider + - name: "cluster-api" + url: "https://github.com/kubernetes-sigs/cluster-api/releases/v1.7.5/core-components.yaml" + type: "CoreProvider" + + # Infrastructure providers + - name: "metal3" + url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.1/infrastructure-components.yaml" + type: "InfrastructureProvider" + + # Bootstrap providers + - name: "rke2" + url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/bootstrap-components.yaml" + type: "BootstrapProvider" + + # ControlPlane providers + - name: "rke2" + url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/control-plane-components.yaml" + type: "ControlPlaneProvider" + + # Addon providers +# - name: "fleet" +# url: "https://github.com/rancher-sandbox/cluster-api-addon-provider-fleet/releases/v0.3.1/addon-components.yaml" +# type: "AddonProvider" +{{- end }} diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/core-provider.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/core-provider.yaml new file mode 100644 index 00000000..07337658 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/core-provider.yaml 
@@ -0,0 +1,82 @@ +{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }} +{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} +{{- if not (lookup "v1" "Namespace" "" $namespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "1" + name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: cluster-api + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +spec: + name: cluster-api + type: core + version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }} + additionalManifests: + name: capi-additional-rbac-roles + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} + configSecret: +{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} +{{ else }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }} +{{- end }} +{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }} + {{- end }} +{{- end }} +{{- if index .Values "cluster-api-operator" "cluster-api" "core" 
"imageUrl" }} + deployment: + containers: + - name: manager + imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: capi-additional-rbac-roles + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +data: + manifests: |- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: provisioning-rke-cattle-io + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + rules: + - apiGroups: ["rke.cattle.io"] + resources: ["*"] + verbs: ["*"] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: provisioning-rke-machine-cattle-io + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + rules: + - apiGroups: ["rke-machine.cattle.io"] + resources: ["*"] + verbs: ["*"] +{{- end }} diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/deployment.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/deployment.yaml new file mode 100644 index 00000000..c184f54c --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/deployment.yaml 
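Review bot: The two ClusterRoles embedded in `capi-additional-rbac-roles` grant `resources: ["*"]` with `verbs: ["*"]` on `rke.cattle.io` and `rke-machine.cattle.io`, and the `cluster.x-k8s.io/aggregate-to-manager: "true"` label folds that into the CAPI manager's role. A wildcard also covers every resource and verb added to those groups later, so the grant widens silently on upgrade. azure-rbac.yaml in this same patch already enumerates its verbs; doing the same here, e.g. `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and naming the resource kinds the manager actually touches keeps the grant reviewable. Which kinds are needed is not visible on this page, so the resource list has to come from the controller's code.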
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: rancher-turtles-controller-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + {{- if .Values.rancherTurtles.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.rancherTurtles.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - args: + - --leader-elect + - --feature-gates=etcd-snapshot-restore={{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled"}},propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}} + {{- range .Values.rancherTurtles.managerArguments }} + - {{ . 
}} + {{- end }} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- if (contains "sha256:" .Values.rancherTurtles.imageVersion) }} + image: '{{ .Values.rancherTurtles.image }}@{{ .Values.rancherTurtles.imageVersion }}' + {{- else }} + image: '{{ .Values.rancherTurtles.image }}:{{ .Values.rancherTurtles.imageVersion }}' + {{- end}} + imagePullPolicy: '{{ .Values.rancherTurtles.imagePullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9440 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 9440 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: rancher-turtles-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/metal3-infrastructure.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/metal3-infrastructure.yaml new file mode 100644 index 00000000..e8366d54 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/metal3-infrastructure.yaml 
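Review bot: The `manager` container in templates/deployment.yaml is rendered without any `securityContext`, at pod or container level, so it runs with the runtime's defaults for privilege escalation, capabilities and seccomp. For a controller that also tolerates control-plane nodes, an explicit restricted context is the usual baseline and lets the namespace enforce the `restricted` Pod Security Standard. I would add the block below to the container; `runAsNonRoot: true` assumes the image already runs as a non-root user, which this page does not show.

```yaml
      containers:
      - args:
        # … unchanged: args, command, env, image, probes, name, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
      serviceAccountName: rancher-turtles-manager
```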
@@ -0,0 +1,55 @@ +{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "metal3" "enabled") }} +{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} +{{- if not (lookup "v1" "Namespace" "" $namespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "1" + name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: metal3 + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +spec: + name: metal3 + type: infrastructure +{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} +{{- end }} + configSecret: +{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} +{{ else }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }} +{{- end }} +{{- if or (index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector" }} + selector: 
{{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector" }} + {{- end }} +{{- end }} +{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }} + deployment: + containers: + - name: manager + imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }} + additionalDeployments: + ipam-controller-manager: + deployment: + containers: + - imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} + name: manager +{{- end }} +{{- end }} diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/post-delete-job.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/post-delete-job.yaml new file mode 100644 index 00000000..9eedb993 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/post-delete-job.yaml 
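Review bot: The `metal3` CAPIProvider takes its `version` from the RKE2 setting: both the guard and the value read `"cluster-api" "rke2" "version"`. Setting an RKE2 provider version would therefore request that same version of the Metal3 infrastructure provider, although clusterctl-config.yaml in this patch lists the two at different releases (v1.7.1 and v0.7.0). This looks like a copy-paste slip; the lookup should read the Metal3 key, e.g. `version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "version" | quote }}` with the matching `if`, assuming the chart values define (or gain) such a key. Separately, the `ipam-controller-manager` `imageUrl` is rendered whenever the infrastructure `imageUrl` is set, without checking that the `ipam` value is non-empty.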
@@ -0,0 +1,166 @@
+{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-delete-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-delete-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-delete-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: post-delete-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-mutatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-mutating-webhook-configuration
+ - capi-kubeadm-bootstrap-mutating-webhook-configuration
+ - capi-kubeadm-control-plane-mutating-webhook-configuration
+ - rke2-bootstrap-mutating-webhook-configuration
+ - rke2-control-plane-mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-validatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-validating-webhook-configuration
+ - capi-kubeadm-bootstrap-validating-webhook-configuration
+ - capi-kubeadm-control-plane-validating-webhook-configuration
+ - rke2-bootstrap-validating-webhook-configuration
+ - rke2-control-plane-validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-deployment-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ restartPolicy: Never
+ containers:
+ - name: delete-capi-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-bootstrap-controller-manager
+ - -n
+ - capi-kubeadm-bootstrap-system
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-control-plane-controller-manager
+ - -n
+ - capi-kubeadm-control-plane-system
+ - --ignore-not-found=true
+ - name: delete-rke2-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-bootstrap-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-rke2-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-control-plane-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ - --ignore-not-found=true
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/post-upgrade-job.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/post-upgrade-job.yaml
new file mode 100644
index 00000000..b0915bcd
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/post-upgrade-job.yaml
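Review bot: In post-delete-job.yaml the ClusterRoleBinding subject hard-codes `namespace: rancher-turtles-system`, while the ServiceAccount and all three Jobs are created in `'{{ .Values.rancherTurtles.namespace }}'`. With a non-default namespace value the cleanup pods run without the role, and the cluster-wide delete right is bound to a `post-delete-job` account name in a namespace where this chart did not create it. Change the subject to `namespace: '{{ .Values.rancherTurtles.namespace }}'`. The role also allows `delete` on every Deployment and every webhook configuration in the cluster; adding `resourceNames` with the names the Jobs actually pass to kubectl would narrow it to what the cleanup needs.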
@@ -0,0 +1,78 @@
+{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-upgrade-job
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-upgrade-job-delete-clusters
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - provisioning.cattle.io
+ resources:
+ - clusters
+ verbs:
+ - list
+ - delete
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - clusters
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-upgrade-job-delete-clusters
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-upgrade-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: post-upgrade-job-delete-clusters
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: post-upgrade-delete-clusters
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-upgrade-job
+ containers:
+ - name: post-upgrade-delete-clusters
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ {{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
+ - clusters.provisioning.cattle.io
+ {{- else }}
+ - clusters.management.cattle.io
+ {{- end }}
+ - --selector=cluster-api.cattle.io/owned
+ - -A
+ - --ignore-not-found=true
+ - --wait
+ restartPolicy: OnFailure
+{{- end }}
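Review bot: In post-upgrade-job.yaml the `post-upgrade-delete-clusters` Job has no `metadata.namespace`, so it is created in the release namespace, while its ServiceAccount `post-upgrade-job` is fixed to `rancher-turtles-system`. Installed into any other namespace, the Job's pod cannot be created because the account does not exist there. Add `namespace: '{{ .Values.rancherTurtles.namespace }}'` to the Job and use the same expression for the ServiceAccount and the binding subject, as post-delete-job.yaml does for its Jobs. The two Jobs in pre-install-job.yaml omit the namespace in the same way. The Job image is read from the `rancher-webhook` feature's `kubectlImage` although the template is gated on `managementv3-cluster-migration`, which may be deliberate but deserves a comment.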
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-delete-job.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-delete-job.yaml
new file mode 100644
index 00000000..0ba6b5a0
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-delete-job.yaml
@@ -0,0 +1,67 @@
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-delete-job
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-delete-job-delete-capiproviders
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-delete-job-capiprovider-cleanup
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+subjects:
+ - kind: ServiceAccount
+ name: pre-delete-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: pre-delete-job-delete-capiproviders
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-capiprovider-cleanup
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-1"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-delete-job
+ containers:
+ - name: rancher-capiprovider-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ - capiproviders
+ - -A
+ - --all
+ - --cascade=foreground
+ restartPolicy: Never
+{{- end }}
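Review bot: The delete in `rancher-capiprovider-cleanup` (pre-delete-job.yaml) is unscoped and unbounded: `-A --all --cascade=foreground` removes every CAPIProvider in every namespace, including any this chart did not create, and neither kubectl nor the Job has a time limit. It is enabled by the `"rancher-webhook" "cleanup"` value, whose name does not suggest that providers are removed. A template comment above the Job, such as `{{- /* Deletes ALL CAPIProvider objects cluster-wide before uninstall */ -}}`, would make that visible to operators. Consider adding `- --timeout=<duration>` to the args (placeholder value) and `activeDeadlineSeconds` on the Job spec, so that an object which cannot be finalized fails the hook with a clear error.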
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-install-job.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-install-job.yaml
new file mode 100644
index 00000000..3253f4c1
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/pre-install-job.yaml
@@ -0,0 +1,99 @@
+{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
+---
+apiVersion: management.cattle.io/v3
+kind: Feature
+metadata:
+ name: embedded-cluster-api
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+spec:
+ value: false
+{{- end }}
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-install-job
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-install-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-install-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: pre-install-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: pre-install-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-mutatingwebhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-validatingwebhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-components.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-components.yaml
new file mode 100644
index 00000000..77b8e4fc
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-components.yaml
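Review bot: None of the hook objects in pre-install-job.yaml sets `helm.sh/hook-delete-policy`, so with Helm's default (`before-hook-creation`) the `pre-install-job` ServiceAccount, ClusterRole and ClusterRoleBinding stay in the cluster after the two Jobs have finished, leaving an account that may delete any validating or mutating webhook configuration. Add `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` to those objects. Also limit the rule with `resourceNames` to `mutating-webhook-configuration` and `validating-webhook-configuration`, the only names the Jobs pass to kubectl. The hooks in post-delete-job.yaml, post-upgrade-job.yaml and pre-delete-job.yaml leave their cluster-wide delete roles behind in the same way.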
@@ -0,0 +1,3338 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + name: capiproviders.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: CAPIProvider + listKind: CAPIProviderList + plural: capiproviders + singular: capiprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .spec.name + name: ProviderName + type: string + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CAPIProvider is the Schema for the CAPI Providers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CAPIProviderSpec defines the desired state of CAPIProvider. 
+ example: + credentials: + rancherCloudCredential: user-credential + name: aws + type: infrastructure + version: v2.3.0 + properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. 
+ format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. 
+ type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. 
This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. 
The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. 
+ type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + credentials: + description: Credentials is the structure holding the credentials + to use for the provider. Only one credential type could be set at + a time. + example: + rancherCloudCredential: user-credential + maxProperties: 1 + minProperties: 1 + properties: + rancherCloudCredential: + description: RancherCloudCredential is the Rancher Cloud Credential + name + type: string + rancherCloudCredentialNamespaceName: + description: RancherCloudCredentialNamespaceName is the Rancher + Cloud Credential namespace:name reference + type: string + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: rancherCloudCredentialNamespaceName should be in the namespace:name + format. + rule: '!has(self.rancherCloudCredentialNamespaceName) || self.rancherCloudCredentialNamespaceName.matches(''^.+:.+$'')' + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. 
+ Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + features: + description: Features is a collection of features to enable. + example: + clusterResourceSet: true + clusterTopology: true + machinePool: true + properties: + clusterResourceSet: + description: ClusterResourceSet if set to true will enable the + cluster resource set feature. + type: boolean + clusterTopology: + description: ClusterTopology if set to true will enable the clusterclass + feature. + type: boolean + machinePool: + description: MachinePool if set to true will enable the machine + pool feature. + type: boolean + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. 
+ For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. 
+ type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. 
This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). 
+ Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. 
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + name: + description: Name is the name of the provider to enable + example: aws + type: string + type: + description: Type is the type of the provider to enable + enum: + - infrastructure + - core + - controlPlane + - bootstrap + - addon + - runtimeextension + - ipam + example: infrastructure + type: string + variables: + additionalProperties: + type: string + description: Variables is a map of environment variables to add to + the content of the ConfigSecret + example: + CLUSTER_TOPOLOGY: "true" + EXP_CLUSTER_RESOURCE_SET: "true" + EXP_MACHINE_POOL: "true" + type: object + version: + description: Version indicates the provider version. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: 'CAPI Provider version should be in the semver format prefixed + with ''v''. Example: v1.9.3' + rule: '!has(self.version) || self.version.matches(r"""^v([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$""")' + - message: Config secret namespace is always equal to the resource namespace + and should not be set. + rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)' + - message: One of fetchConfig url or selector should be set. + rule: '!has(self.fetchConfig) || [has(self.fetchConfig.url), has(self.fetchConfig.selector)].exists_one(e, + e)' + status: + default: {} + description: CAPIProviderStatus defines the observed state of CAPIProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + default: Pending + description: Indicates the provider status + type: string + variables: + additionalProperties: + type: string + default: + CLUSTER_TOPOLOGY: "true" + EXP_CLUSTER_RESOURCE_SET: "true" + EXP_MACHINE_POOL: "true" + description: Variables is a map of environment variables added to + the content of the ConfigSecret + type: object + type: object + type: object + x-kubernetes-validations: + - message: CAPI Provider type should always be set. + rule: has(self.spec.type) + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-leader-election-role + namespace: '{{ .Values.rancherTurtles.namespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rancher-turtles/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: 
rancher-turtles-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles/aggregate-to-manager: "true" + name: rancher-turtles-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - management.cattle.io + resources: + - clusterregistrationtokens + - clusterregistrationtokens/status + verbs: + - get + - list + - watch + - create +- apiGroups: + - management.cattle.io + resources: + - clusters + - clusters/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - provisioning.cattle.io + resources: + - clusters + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - capiproviders + - capiproviders/status + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - operator.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - get + - list + - watch + - patch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + 
app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-leader-election-rolebinding + namespace: '{{ .Values.rancherTurtles.namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rancher-turtles-leader-election-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rancher-turtles-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-exp-etcdrestore-components.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-exp-etcdrestore-components.yaml new file mode 100644 index 00000000..7d450652 --- /dev/null +++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rancher-turtles-exp-etcdrestore-components.yaml 
@@ -0,0 +1,123 @@ +{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: etcdmachinesnapshots.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: EtcdMachineSnapshot + listKind: EtcdMachineSnapshotList + plural: etcdmachinesnapshots + singular: etcdmachinesnapshot + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EtcdMachineSnapshot is the Schema for the EtcdMachineSnapshot + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EtcdMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot. + properties: + foo: + type: string + required: + - foo + type: object + status: + default: {} + description: EtcdMachineSnapshotStatus defines observed state of EtcdMachineSnapshot. 
+ properties: + bar: + type: string + required: + - bar + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: etcdsnapshotrestores.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: EtcdSnapshotRestore + listKind: EtcdSnapshotRestoreList + plural: etcdsnapshotrestores + singular: etcdsnapshotrestore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EtcdSnapshotRestore is the schema for the EtcdSnapshotRestore + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EtcdSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. + properties: + foo: + type: string + required: + - foo + type: object + status: + default: {} + description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. + properties: + bar: + type: string + required: + - bar + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} 
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-bootstrap.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-bootstrap.yaml
new file mode 100644
index 00000000..69b5f89f
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-bootstrap.yaml
@@ -0,0 +1,49 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: rke2-bootstrap
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: rke2
+ type: bootstrap
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-controlplane.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-controlplane.yaml
new file mode 100644
index 00000000..d9c6b0fa
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/templates/rke2-controlplane.yaml
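Review bot: The values-derived scalars in the CAPIProvider spec (`version`, `configSecret.name`, `fetchConfig.url`, `imageUrl`) and both namespace fields are rendered without quoting, so a value such as `0.7` or `true` changes type on parse and a value containing `: ` or a line break changes the structure of the rendered manifest. Pipe each through `quote`, for example `version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" | quote }}`, and do the same for `url` and `imageUrl`. `selector` is also emitted with a bare `{{ }}`; if it is meant to carry a label-selector object rather than a string (the schema is not visible in this hunk), it would need `toYaml` with `nindent` instead. The rke2-controlplane.yaml hunk repeats the same pattern.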
@@ -0,0 +1,49 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: rke2-control-plane
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: rke2
+ type: controlPlane
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-turtles/0.3.2+up0.11.0/values.yaml b/charts/rancher-turtles/0.3.2+up0.11.0/values.yaml
new file mode 100644
index 00000000..e9488995
--- /dev/null
+++ b/charts/rancher-turtles/0.3.2+up0.11.0/values.yaml
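Review bot: The Namespace block is guarded by `lookup`, which returns an empty result under `helm template` and client-side dry runs, so on those render paths the Namespace is always emitted even when it already exists, and the guard's intent is not documented anywhere in the template. A template comment such as `{{- /* lookup is empty without cluster access; Namespace is then always rendered */ -}}` above the `if not (lookup …)` line would make that explicit. `$namespace` is assigned but `metadata.name` and `metadata.namespace` repeat the full `index .Values …` expression; reusing it (`name: {{ $namespace | quote }}`) keeps the guard and the created object tied to one value. The Namespace is also created without labels, so any Pod Security admission level for the provider namespace has to be applied outside this chart. The rke2-bootstrap.yaml hunk contains the same block.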
@@ -0,0 +1,90 @@
+rancherTurtles:
+ image: registry.rancher.com/rancher/rancher/turtles
+ imageVersion: v0.11.0
+ imagePullPolicy: IfNotPresent
+ namespace: rancher-turtles-system
+ managerArguments: []
+ imagePullSecrets: []
+ features:
+ cluster-api-operator:
+ cleanup: true
+ kubectlImage: rancher/kubectl:v1.30.3
+ embedded-capi:
+ disabled: false
+ rancher-webhook:
+ cleanup: false
+ kubectlImage: rancher/kubectl:v1.30.3
+ rancher-kubeconfigs:
+ label: false
+ managementv3-cluster:
+ enabled: true
+ managementv3-cluster-migration:
+ enabled: false
+ propagate-labels:
+ enabled: false
+ etcd-snapshot-restore:
+ enabled: false
+ addon-provider-fleet:
+ enabled: false
+cluster-api-operator:
+ enabled: true
+ cert-manager:
+ enabled: false
+ image:
+ manager:
+ repository: "registry.opensuse.org/isv/suse/edge/clusterapi/containers/images/cluster-api-operator"
+ tag: 0.12.0
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capi-operator-webhook-service-cert
+ - name: clusterctl-config
+ configMap:
+ name: clusterctl-config
+ volumeMounts:
+ manager:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ - mountPath: /config
+ name: clusterctl-config
+ readOnly: true
+ cluster-api:
+ enabled: true
+ configSecret:
+ name: ""
+ defaultName: capi-env-variables
+ core:
+ namespace: capi-system
+ imageUrl: "registry.opensuse.org/isv/suse/edge/clusterapi/containers/images/cluster-api-controller:1.7.5"
+ fetchConfig:
+ url: ""
+ selector: ""
+ rke2:
+ enabled: true
+ version: ""
+ bootstrap:
+ namespace: rke2-bootstrap-system
+ imageUrl: "registry.opensuse.org/isv/suse/edge/clusterapi/containers/images/cluster-api-provider-rke2-bootstrap:0.7.0"
+ fetchConfig:
+ url: ""
+ selector: ""
+ controlPlane:
+ namespace: rke2-control-plane-system
+ imageUrl: "registry.opensuse.org/isv/suse/edge/clusterapi/containers/images/cluster-api-provider-rke2-controlplane:0.7.0"
+ fetchConfig:
+ url: ""
+ selector: ""
+ metal3:
+ enabled: true
+ version: ""
+ infrastructure:
+ namespace: capm3-system
+ imageUrl: "registry.opensuse.org/isv/suse/edge/clusterapi/containers/images/cluster-api-provider-metal3:1.7.1"
+ fetchConfig:
+ url: ""
+ selector: ""
+ ipam:
+ namespace: capm3-system
+ imageUrl: "registry.opensuse.org/isv/suse/edge/clusterapi/containers/images/ip-address-manager:1.7.1"
diff --git a/index.html b/index.html
index 6c1036e8..cd42f60d 100755
--- a/index.html
+++ b/index.html
@@ -311,14 +311,14 @@
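Review bot: Every image default in this file is pinned by tag only (`rancher/kubectl:v1.30.3`, `cluster-api-controller:1.7.5`, the `:0.7.0` RKE2 provider images, the `:1.7.1` metal3 and IPAM images), so the content actually deployed depends on the registry never re-pointing those tags; with `imagePullPolicy: IfNotPresent` a re-pushed tag would also leave nodes running different content under the same reference. Pinning each default by digest in the `repository:tag@sha256:<digest>` form (digest placeholder, none is given on this page), or a comment stating that the registries enforce tag immutability, would close that gap. `kubectlImage: rancher/kubectl:v1.30.3` carries no registry host, unlike the other defaults, so which registry serves it depends on the container runtime's default and mirror configuration unless a template prefixes one (not visible in this hunk). `tag: 0.12.0` is the one version left unquoted; `tag: "0.12.0"` matches the neighbouring string values and avoids any implicit typing if the version format changes.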

Charts

- +

rancher-turtles - (0.3.1+up0.11.0@0.11.0) + (0.3.2+up0.11.0@0.11.0) github link @@ -333,14 +333,14 @@

Charts

- +

rancher-turtles-airgap-resources - (0.3.1@0.11.0) + (0.3.2@0.11.0) github link diff --git a/index.yaml b/index.yaml index 15b3b58c..cfe81681 100755 --- a/index.yaml +++ b/index.yaml @@ -1220,6 +1220,40 @@ entries: - assets/metallb/metallb-0.13.10.tgz version: 0.13.10 rancher-turtles: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension + catalog.cattle.io/kube-version: '>= 1.23.0-0' + catalog.cattle.io/namespace: rancher-turtles-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/rancher-version: '>= 2.9.0-1' + catalog.cattle.io/release-name: rancher-turtles + catalog.cattle.io/scope: management + catalog.cattle.io/type: cluster-tool + apiVersion: v2 + appVersion: 0.11.0 + created: "2024-10-01T14:38:02.794383+01:00" + dependencies: + - condition: cluster-api-operator.enabled + name: cluster-api-operator + repository: file://./charts/cluster-api-operator + version: 0.12.0 + description: Rancher Turtles is an extension to Rancher that brings full Cluster + API integration to Rancher. + digest: d505d80aae14791f256f22dc79f5f64c40a2025f4016a590b57c3c01f8577931 + home: https://github.com/rancher/turtles/ + icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg + keywords: + - rancher + - cluster-api + - capi + - provisioning + name: rancher-turtles + type: application + urls: + - assets/rancher-turtles/rancher-turtles-0.3.2+up0.11.0.tgz + version: 0.3.2+up0.11.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension 
@@ -1357,6 +1391,18 @@ entries: - assets/rancher-turtles/rancher-turtles-0.1.0+up0.9.1.tgz version: 0.1.0+up0.9.1 rancher-turtles-airgap-resources: + - apiVersion: v2 + appVersion: 0.11.0 + created: "2024-10-01T14:38:02.966269+01:00" + description: Rancher Turtles utility chart for airgap scenarios + digest: 5779ec8de3136a411c56d1302e926b37b1b789b632e23c80b79a6bd94716aa8d + home: https://github.com/rancher/turtles/ + icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg + name: rancher-turtles-airgap-resources + type: application + urls: + - assets/rancher-turtles-airgap-resources/rancher-turtles-airgap-resources-0.3.2.tgz + version: 0.3.2 - apiVersion: v2 appVersion: 0.11.0 created: "2024-09-27T17:17:49.465603+01:00"