diff --git a/.obs/common.py b/.obs/common.py index ede08bb..8db978b 100644 --- a/.obs/common.py +++ b/.obs/common.py @@ -1,3 +1,3 @@ -PROJECT = "isv:SUSE:Edge:Factory" +PROJECT = "isv:SUSE:Edge:3.4" REPOSITORY = "https://src.opensuse.org/suse-edge/Factory" -BRANCH = "main" +BRANCH = "3.4" diff --git a/_config b/_config index 1523035..f282a84 100644 --- a/_config +++ b/_config @@ -75,6 +75,8 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: excludebuild:kube-rbac-proxy-image BuildFlags: excludebuild:metallb-controller-image BuildFlags: excludebuild:metallb-speaker-image + BuildFlags: excludebuild:nessie-image + BuildFlags: excludebuild:suse-edge-components-versions-image %endif %else # Only a subset of stack is arm64 ready @@ -103,8 +105,22 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:metallb BuildFlags: onlybuild:metallb-controller-image BuildFlags: onlybuild:metallb-speaker-image + BuildFlags: onlybuild:nessie + BuildFlags: onlybuild:nessie-image BuildFlags: onlybuild:nm-configurator + BuildFlags: onlybuild:python-annotated-types + BuildFlags: onlybuild:python-executing + BuildFlags: onlybuild:python-flit-core + BuildFlags: onlybuild:python-inline-snapshot + BuildFlags: onlybuild:python-pydantic + BuildFlags: onlybuild:python-pydantic-core + BuildFlags: onlybuild:python-pyhelm3 + BuildFlags: onlybuild:python-rich + BuildFlags: onlybuild:python-suse-edge-components-versions + BuildFlags: onlybuild:python-typing-inspection + BuildFlags: onlybuild:python-typing_extensions BuildFlags: onlybuild:shim-noarch + BuildFlags: onlybuild:suse-edge-components-versions-image %endif %endif @@ -155,6 +171,8 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: excludebuild:kube-rbac-proxy-image BuildFlags: excludebuild:metallb-controller-image BuildFlags: excludebuild:metallb-speaker-image + BuildFlags: excludebuild:nessie-image + BuildFlags: excludebuild:suse-edge-components-versions-image %endif %else diff --git a/edge-image-builder-image/Dockerfile b/edge-image-builder-image/Dockerfile index cad327a..392138b 100644 --- a/edge-image-builder-image/Dockerfile +++ b/edge-image-builder-image/Dockerfile @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0-rc0 -#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0-rc0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0 +#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-base:$SLE_VERSION MAINTAINER SUSE LLC (https://www.suse.com/) @@ -14,11 +14,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image" LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="1.3.0-rc0" +LABEL org.opencontainers.image.version="1.3.0" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.0-rc0-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.0-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/edge-image-builder/0001-eib-elemental-reset-fix.patch b/edge-image-builder/0001-eib-elemental-reset-fix.patch new file mode 100644 index 0000000..69a5aed --- /dev/null +++ b/edge-image-builder/0001-eib-elemental-reset-fix.patch @@ -0,0 +1,24 @@ +From 643bcd634310909d01e1365cf5f3aaac98f25414 Mon Sep 17 00:00:00 2001 +From: Eduardo Minguez +Date: Tue, 11 Nov 2025 17:10:01 +0100 +Subject: [PATCH] Fix #808 + +--- + pkg/combustion/templates/31-elemental-register.sh.tpl | 2 ++ + 1 files changed, 2 insertions(+) + +diff --git a/pkg/combustion/templates/31-elemental-register.sh.tpl b/pkg/combustion/templates/31-elemental-register.sh.tpl +index c1ff4337..91f8b4c2 100644 +--- a/pkg/combustion/templates/31-elemental-register.sh.tpl ++++ b/pkg/combustion/templates/31-elemental-register.sh.tpl +@@ -20,8 +20,10 @@ WantedBy=network-online.target + [Service] + EnvironmentFile=-/etc/sysconfig/proxy + Type=oneshot ++ExecStartPre=/usr/bin/mkdir -p /etc/rancher/elemental/agent + ExecStart=/usr/sbin/elemental-register --debug --config-path /etc/elemental/config.yaml --state-path /etc/elemental/state.yaml --install --no-toolkit + ExecStartPost=/usr/bin/cp /var/lib/elemental/agent/elemental_connection.json /etc/rancher/elemental/agent ++ExecStartPost=/usr/bin/systemctl restart elemental-system-agent.service + Restart=on-failure + RestartSec=10 + EOF diff --git a/edge-image-builder/_service b/edge-image-builder/_service index 6fe39df..0b243a5 100644 --- a/edge-image-builder/_service +++ b/edge-image-builder/_service @@ -3,11 +3,11 @@ https://github.com/suse-edge/edge-image-builder.git git .git - v1.3.0-rc0 + v1.3.0 - 1.3.0~rc0 + - + @PARENT_TAG@ v(\d+).(\d+).(\d+) \1.\2.\3 enable diff --git a/edge-image-builder/edge-image-builder.spec b/edge-image-builder/edge-image-builder.spec index e457b82..9a4dc7a 100644 --- a/edge-image-builder/edge-image-builder.spec +++ b/edge-image-builder/edge-image-builder.spec @@ -17,13 +17,14 @@ Name: edge-image-builder -Version: 1.3.0~rc0 +Version: 1.3.0 Release: 0 Summary: Edge Image Builder License: Apache-2.0 URL: https://github.com/suse-edge/edge-image-builder Source: edge-image-builder-%{version}.tar Source1: vendor.tar.gz +Patch: 0001-eib-elemental-reset-fix.patch BuildRequires: golang(API) go1.24 BuildRequires: golang-packaging BuildRequires: gpgme-devel @@ -52,7 +53,7 @@ Requires: ca-certificates-suse Tool for creating and configuring a set of images to automate the deployment of Edge environments %prep -%autosetup -a1 -n edge-image-builder-%{version} +%autosetup -a1 -n edge-image-builder-%{version} -p1 %build tar -xf %{SOURCE1} diff --git a/ironic-image/Dockerfile b/ironic-image/Dockerfile index b137d4f..671f1f5 100644 --- a/ironic-image/Dockerfile +++ b/ironic-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3 -#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4 +#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="29.0.4.3" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE%" +LABEL org.opencontainers.image.version="29.0.4.4" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-image/ironic-config/apache2-vmedia.conf.j2 b/ironic-image/ironic-config/apache2-vmedia.conf.j2 index 2301717..3abb7c4 100644 --- a/ironic-image/ironic-config/apache2-vmedia.conf.j2 +++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2 @@ -11,6 +11,19 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }} SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }} SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }} + {% if "IRONIC_VMEDIA_TLS_12_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_12_CIPHERS %} + SSLCipherSuite {{ env.IRONIC_VMEDIA_TLS_12_CIPHERS }} + {% endif %} + {% if "IRONIC_VMEDIA_TLS_13_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_13_CIPHERS %} + SSLCipherSuite TLSv1.3 {{ env.IRONIC_VMEDIA_TLS_13_CIPHERS }} + {% endif %} + {% if "IRONIC_VMEDIA_CURVES" in env and env.IRONIC_VMEDIA_CURVES %} + SSLOpenSSLConfCmd Curves {{ env.IRONIC_VMEDIA_CURVES }} + {% endif %} + {% if env.IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER | lower == "true" %} + SSLHonorCipherOrder on + {% endif %} + Options Indexes FollowSymLinks AllowOverride None diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile index 485db0e..08909e2 100644 --- a/ironic-ipa-downloader-image/Dockerfile +++ b/ironic-ipa-downloader-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.9" +LABEL org.opencontainers.image.version="3.0.10" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-ipa-downloader-image/Dockerfile.aarch64 b/ironic-ipa-downloader-image/Dockerfile.aarch64 index 38d7eb7..6f47548 100644 --- a/ironic-ipa-downloader-image/Dockerfile.aarch64 +++ b/ironic-ipa-downloader-image/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.9" +LABEL org.opencontainers.image.version="3.0.10" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-ipa-downloader-image/Dockerfile.x86_64 b/ironic-ipa-downloader-image/Dockerfile.x86_64 index ad94c15..619cbeb 100644 --- a/ironic-ipa-downloader-image/Dockerfile.x86_64 +++ b/ironic-ipa-downloader-image/Dockerfile.x86_64 @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.9" +LABEL org.opencontainers.image.version="3.0.10" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-ipa-ramdisk/config.sh b/ironic-ipa-ramdisk/config.sh index 8d2226f..c188274 100644 --- a/ironic-ipa-ramdisk/config.sh +++ b/ironic-ipa-ramdisk/config.sh @@ -16,7 +16,7 @@ baseSetupBuildDay #========================================== # remove unneded kernel files #------------------------------------------ -suseStripKernel +#suseStripKernel baseStripLocales en_US.utf-8 C.utf8 #====================================== diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi index 9104d46..454b163 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi @@ -28,68 +28,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec index d244cd7..e398255 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec @@ -19,7 +19,7 @@ Name: ironic-ipa-ramdisk -Version: 3.0.7 +Version: 3.0.8 Release: 0 Summary: Kernel and ramdisk image for OpenStack Ironic License: SUSE-EULA diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index b7f9e47..4e44b0a 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.16_up0.12.6 -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.16_up0.12.6-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9-%RELEASE% apiVersion: v2 -appVersion: 0.12.6 +appVersion: 0.12.9 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -10,7 +10,7 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.11.4 + version: 0.11.6 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -20,9 +20,9 @@ dependencies: condition: global.enable_metal3_media_server name: media repository: file://./charts/media - version: 0.6.6 + version: 0.7.1 description: A Helm chart that installs all of the dependencies needed for Metal3 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.16+up0.12.6" +version: "%%CHART_MAJOR%%.0.19+up0.12.9" diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index cf64357..5b8d3a8 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 29.0.4 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.11.4 +version: 0.11.6 diff --git a/metal3-chart/charts/ironic/templates/configmap.yaml b/metal3-chart/charts/ironic/templates/configmap.yaml index f46830b..58912b4 100644 --- a/metal3-chart/charts/ironic/templates/configmap.yaml +++ b/metal3-chart/charts/ironic/templates/configmap.yaml @@ -52,3 +52,6 @@ data: {{- else }} IRONIC_USE_MARIADB: "false" {{- end }} + {{- with .Values.ironicExtraEnv -}} + {{ toYaml . | nindent 2 }} + {{- end -}} \ No newline at end of file diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index 4f0aa74..f5390c7 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -64,11 +64,11 @@ images: ironic: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic pullPolicy: IfNotPresent - tag: 29.0.4.3 + tag: 29.0.4.4 ironicIPADownloader: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader pullPolicy: IfNotPresent - tag: 3.0.9 + tag: 3.0.10 nameOverride: "" fullnameOverride: "" @@ -138,6 +138,8 @@ baremetaloperator: debug: ironicRamdiskSshKey: "" +ironicExtraEnv: {} + tlscerts: cacert: "" key: "" diff --git a/metal3-chart/charts/media/Chart.yaml b/metal3-chart/charts/media/Chart.yaml index 283fa6f..5f74cd3 100644 --- a/metal3-chart/charts/media/Chart.yaml +++ b/metal3-chart/charts/media/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 1.16.0 +appVersion: 1.21.0 description: A Helm chart for Media, used by Metal3 name: media type: application -version: 0.6.6 +version: 0.7.1 diff --git a/metal3-chart/charts/media/templates/deployment.yaml b/metal3-chart/charts/media/templates/deployment.yaml index 9dccd57..f41513a 100644 --- a/metal3-chart/charts/media/templates/deployment.yaml +++ b/metal3-chart/charts/media/templates/deployment.yaml @@ -34,13 +34,9 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} - command: - - /usr/sbin/httpd - args: - - -DFOREGROUND securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/metal3-chart/charts/media/values.yaml b/metal3-chart/charts/media/values.yaml index efa8c21..eff908a 100644 --- a/metal3-chart/charts/media/values.yaml +++ b/metal3-chart/charts/media/values.yaml @@ -22,9 +22,9 @@ global: replicaCount: 1 image: - repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic + repository: registry.suse.com/suse/nginx pullPolicy: IfNotPresent - tag: 29.0.4.2 + tag: 1.21 imagePullSecrets: [] nameOverride: "" @@ -42,8 +42,8 @@ serviceAccount: podAnnotations: {} podSecurityContext: - runAsUser: 10475 - fsGroup: 10475 + runAsUser: 499 + fsGroup: 486 securityContext: allowPrivilegeEscalation: false @@ -102,11 +102,16 @@ volumes: - name: assets persistentVolumeClaim: claimName: media + - name: run + emptyDir: + sizeLimit: 10Mi # volume mounts volumeMounts: - mountPath: /srv/www/htdocs name: assets + - mountPath: /run + name: run # media volume settings mediaVolume: diff --git a/python-suse-edge-components-versions/python-suse-edge-components-versions.spec b/python-suse-edge-components-versions/python-suse-edge-components-versions.spec index 0d83e7f..ea86afd 100644 --- a/python-suse-edge-components-versions/python-suse-edge-components-versions.spec +++ b/python-suse-edge-components-versions/python-suse-edge-components-versions.spec @@ -20,7 +20,7 @@ %endif Name: python-suse-edge-components-versions -Version: 0.1.1 +Version: 0.2.2 Release: 0%{?dist} Summary: A tool to gather and display component versions for SUSE Edge products. License: Apache-2.0 @@ -73,9 +73,9 @@ cd components-versions mv %{buildroot}%{_bindir}/components-versions %{buildroot}%{_bindir}/suse-edge-components-versions %python_clone -a %{buildroot}%{_bindir}/suse-edge-components-versions cd .. -# Move the json files to /usr/share/suse-edge-components-versions instead +# Move the yaml files to /usr/share/suse-edge-components-versions instead mkdir -p %{buildroot}/usr/share/suse-edge-components-versions/ -mv %{buildroot}%{python_sitelib}/components_versions/data/*.json %{buildroot}/usr/share/suse-edge-components-versions/ +mv %{buildroot}%{python_sitelib}/components_versions/data/*.yaml %{buildroot}/usr/share/suse-edge-components-versions/ rmdir %{buildroot}%{python_sitelib}/components_versions/data/ %post @@ -92,7 +92,7 @@ rmdir %{buildroot}%{python_sitelib}/components_versions/data/ %{python_sitelib}/suse_edge_components_versions-%{version}*.dist-info # Include the main executable with its new name. %python_alternative %{_bindir}/suse-edge-components-versions -# Include the json files +# Include the yaml files /usr/share/suse-edge-components-versions/ %changelog diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index c3dd0ed..c04266d 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml @@ -1,10 +1,10 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.7_up0.24.3 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.7_up0.24.3-%RELEASE% apiVersion: v2 -appVersion: 0.21.0 +appVersion: 0.24.3 description: Rancher Turtles utility chart for airgap scenarios home: https://github.com/rancher/turtles/ icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg name: rancher-turtles-airgap-resources type: application -version: "%%CHART_MAJOR%%.0.5+up0.21.0" +version: "%%CHART_MAJOR%%.0.7+up0.24.3" diff --git a/rancher-turtles-airgap-resources-chart/README.md b/rancher-turtles-airgap-resources-chart/README.md index ee1d2d2..d6bda53 100644 --- a/rancher-turtles-airgap-resources-chart/README.md +++ b/rancher-turtles-airgap-resources-chart/README.md @@ -23,6 +23,9 @@ cluster-api-operator: infrastructure: fetchConfig: selector: "{\"matchLabels\": {\"provider-components\": \"metal3\"}}" + ipam: + fetchConfig: + selector: "{\"matchLabels\": {\"provider-components\": \"metal3ipam\"}}" fleet: addon: fetchConfig: diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml index 3f59250..0939b5f 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "capi-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,9 +7,10 @@ metadata: control-plane: controller-manager name: capi-system --- +{{- end }} apiVersion: v1 binaryData: - components: H4sICBlUgmgAA2NvcmUtY29tcG9uZW50cy55YW1sAOz9e3fbyJUoiv/fnwJLmTmWekhKsrs7ac/JyU+x3Rmf2G4v2925Z2xPGyIhCWMSYADSspJfr3W/xv1695Pc/aoHXoUCST2cVK2ZtEwA9di1a9d+73iZ/pwUZZpnD6NPx199TLPZw+hFvEjKZTxNvlokq3gWr+KHX0XRPD5N5iX+FUXT+bpcJcXk8/jj78pJmh8ui/xTOkuKh+rROF6m/GqerYp8Pl7O4yx5qP45hzcWcRafJwW8lcGA8Ag+GZdX8PXiq/F4/FVszQ3+Tj6vkgz/VU5kUD3hRzBkvniVlPm6mCaPk7M0S1fwZmX+cZblqxh/VotIipWaBHaXZv+dTFfjaTw+K/JFZT6H/HdSfEqz8zF+aK8NF3OeZJOP69PkdJ3OZ9zfJw3Yo8nxd5PjTWEo0OHfpvO4LJNyUv/6q3KZTLFjmJMamIYpV0W8Ss6vHkZ/SU4v8vwj/XrJf/MrOJc0yVaP8uwsPVe/wae43mlifqjslHQxlrdqLxH+VPfUvLCMVxcPo0Oe6krNQU/8VfIpTS5l70s1/BgR1Px5CluL/z4v8vXyYQOaAjcFawRBXqTq3+MGmgoi8a+PEMj08zwtV39uPHoGv9Lj5XxdxPP65jDcL/Ji9cJMAYac8gNAofU8LqpfwaNymi8T6/TN4LdPFhDGUTybEV7H85dFmuFs8vl6kekRZkk5LdLlirDuTbpIohnMD/+Jo06TaFok/M/8rLnWKPrvMs9e0t5M1MmZqE+wu3IVL5Zf2Zhwcq42fnWFk4dP+IdZsiwSBDuAblWs+Uf+5tNxPF9exN8wNKYXySJWewwAyE5ePv35wevKz1F1Zf//sYVL9jKitIziCHANiM0qiS4v0ukF7H0WnSbRukxm0SpnECQRn3v8ZZnP83PAjMlXVq+Prem/uYBucXnRZTqfY19Fssg/wccpADJLEJiriyTKgELBo3kS4wHVncGxXgKWa9zjZhE361fXQrEhbPgreBGoXFLSyIIlMCMGJ88IZl3gMko42nrXARj5KdK5Sa3r13CMoRvE2/V8JqcR1zPNz7P0b7rvEoGIgyKIy1VEeAgYGX2K5+tkBAPMaj0v4ivoBseM1pnVH31Q1ufxPC8S6PQsfxhdrFbL8uHh4Xm6UiR/mi8WayDuV4dEe9PT9SovysNZ8imZH5bp+TguphfpCsZaF8khEh9aSEZkf7KY/aaQS6KsDMvIC6QSzqb1gIjCgO1BSsE4yF3xEs0u4E8IuldPXr+J1Ex4p3hTzKsNuKj9QWgCeJKCv8OrivpMstkyh82gfzA9j8r16SJdIRr8FSC9wq2rd/uIrkU6IEs8vLP6C08zeGeRzB8BVt/wXuGulGPcBK/dsi/7+ssMXuuBui47ttamKq/hVXl6KgcO/pUWeCRWSEvk/NvfVCHVTgKwCQfxkpij2rM+bKt/z5hXJIAbCRJ7OKdxNM+ncDYBVuspoka8ii7y+UytYhWn87Kl27O8iIgdQbKisPYRjxXxYPiKteo6argWTZsVw95nydPsrIh5doAEbS/6QAHbc+7wjSL+Nn1UmIHECfHVGpLQt1gQfezoGVcqcI6Ii1WTr14ZdqMr4yxN5kQOyvVyCcwAXhhnNIU8m1/h33RUKz0rHlBfYh0D6F2eRfEp3EU4jEAgOo3xqsNxZGCYQbIi4gPkZZ5O4wZx4ebeMRm265HvPkk3Cln/uqaDVMPaKTH0mkQ6usrP8MNZdHoFnynotS/Pb4nYui5n54rhblYXsaIIsqrGXVttHeSs3gidiDvzn5NzF7A9PeNJ0m1FoAdBa5pUOAU4InDC45n8iAQazg0/G/Et1Dt5bIazALKTwVBwO6az6H+//vHF4Z9yOS7xFO7mkgnrAoYaARIDEwdsh9Dc1/hkAuxbegZX2kR6A7i/vf/eDeco+gFOcvIZeNg5MCpy/vTFqxAwLQUHVc/A9sEiccLLfCYLvqSlrOKP0IEsBS76efqxg4aZtoc3jzXtvyNT/OtetH95AROI9vCfezwdzWrhbwqnzLSImgPgz8/xBPQMSywCXq4HEQAB1p7lVlc0AO4jzC2FjZg1pgnQhTlWYdIzJNzbyefoPnLJBDOA3sGESWN5Bf18xhGnFzmwO0wRYbUXMdCyMofZXCbz+ZiJ+Cy6BKYnP+sZT20hojLsVQzcq4vhrcHH7xA2OcJ6G3b+iGMcRC1ujeuqN0+Ikcy3Q4i9sM7CFhBDXU2RJSDCINBm+bREeE2T5ao8hPu0QA3E4WVefESFDyL7mLGoPCS1wuFv6D+7AhBrS3YMJer09kGFsygPdwEpxQ4Mv5t74fWaCd+0PgbSJFYjiDxt3RKLeMbXSJxd3fKZxf1YFzizq7FSuAIDiH+XKVze8PsuNmCd7pT4/fT08e2j5+FvYFU7OMgdcma1fR6b2Y4X8XLMX8XA7KbT1q8Uh9wO9zECrvVJz3TaZWXV/LZRS1VpXcpagpTB2jb6XaQlLSdbMmvXfp8AR7YG/F6IesQea5EUqLnDrRSOCDC/XObZDG9+/abWjIiK7+pOSGt1OW1TSaxhzWh9ydIX+8g9Xojuf8atOZK4l0XrTAves+hjciV8M5wEGDUv1K7GtnIMmFzUeZ26pECQb1ECRBMR6SJXeT4n7pl6pV0sElgWENQoLk7TVREXVxpVkCmFucTwJkzYMcxf10lxFZ/OuUeRZ04RDxK0guD0L4CZXeSz9OwKkVEojYuq1ShaO0Fbl2hiAkIF1N8AdRtaZFui2toto85zwAggF6JGBUwpCeSsMmakqOn18+I8Rr0yvafsPX9zIc0+GVx4K5M5gOpA7xeMD+gRr+De50dwHeN8RH9CynRj/HPdHtw7Wch2iga8f5tjQM8LnYoevy3ckYJngHLHg2J6KHW2V+h4nAMPRY7/QbkpBc7tKm9uW3FzC0qbG1bY3KSyZmNFjcfhcito/M/VUMXMHVDKeEDHrYzxh85QJczNK2A8gdGjeBkGkcEKlxtXtnhAxVvJ4g+b61Su3GHFigewnQoVfwAPVKTcuBKlFxK97OowxUm30qRdYeIYPu0xUPdvUt3e3GKkV6ztuFQnRfswGZN9S9eWEb9psq+Nq7sWr7OW7pRJfw28QDEnAdbFdL9pfzWio4z6mDJFUVn1miL3tlC+SC39CQabpefIE9SWMd3M3SDIM0GeqbQgzwR5Jsgz3e8HeSbIM0GeaW9BngnyzJcqz+CaAVs3EWTk05orNP8Ktzn8rHn9Ti4dGLwVc9JTNJ1MVVgCfk7TLl1RGx0iUGUKikPZyi35cbKc51fI8nWw354W8kZvvHaMKsKJynMMlpEXIgkhajVxdQIBW0xGUOjUhkb7qQECsegUK3xP6fP62jgCh+ygJbLIcUWSY2aqfZa1PescUou3AI51qdzSP9h+9x+66ISP4y/B3sU2D3Fvoc7giyxfJQQMDCCqLjySWA9mUvX6R85+6Wohdvn5T6/fEHpk6V/XiREOKhFRbA3NOGpJeSE4B5DJSC9WyFSsg6Yae++izn7eM4Iqu4K+Rj0+b3YQhIgQzKxXqZD6igmZFSznHKsBDWVGrgb+DDig3Px81aPoNM9XGOW57HM9HuadZXWsYMYU3/ysoVzRhgjF6u1eXxZWUKLA5rkOsHB34QsibM7YBdOGAkm63lU8g2kDIxtMGwIUbL7RDqbtJu7BNE/3Q9M8YyE6Zuy5q9huMj7CtNuPlDDttlVV1XZL0ROm3UIchWk3HVFh2laxFRb0hh70/ngL0zY945vEYJh2BxRl1TYYxv0RGqZtCuNNojZMu534DdM2AqlHTIdp28B1ozgP024l4sO0wbAdFAVi2qYQvu7IENPusOqv2gZvWW/ciGmbbtMGsSSm3UpUiWkD4ekVaWLa8JgT09zRJ6Z1x6FsMO0+l4tqG4owdX8CW7KtPQvire46iLdBvA3ibRBvg3jrhF4Qb4N4ezfYzyDeSgvirbMF8bbRgngbxNtq26l46069YNpQVNk0HcMgYz6368nO4B5ziNjnlRzBen1grLtpA1F7k9N/c0kUTLuhdAqmXUdiBdOuI8WCaYPoVV/aBdPuNFLeRHoG024kUYNpvikbLHDsNnmDaQNwy/NVnytvbFx8nG9V1aWOVz3m1jevcTS1EpU3n/Zk4PHMhxEXRdxkEzs/bn3Q+JEp2MPoLJ6XPD8ko/F5UvlpfapTUz+M/v7rV19YvneV2l2l5d8ss/t2ydytvbHTuqvfQiL2kIg9JGIPidhDIna7iTj4H0k8X108ukimH9uv4EERD1Zvmj7GStK0H/LkAV52UsCWjTNtQLI+u8+7nll9EX/+KbsgyFw5srJlVz86zLxjOWR4FZw7AinGfjKCv2Rwkl1FZ+sCgF4AJBbJLOV7Dukpbkg8n+eXskkgieZwXe09t1a8Z7QSzMaTYdgx4J7i9veUnBlJV90ce0VTBCAa58WYIWCVqGk29NN/vYqL1XqJPFG+Xu0ixK3ZKwOJxexkJaqaz+liDdcKsnZ4VJonyMV1k+muJKTXhw9ufgEUbUZNPfMCo1LSMrsHsynLfJriReQa4qLI1+eoa/iAxHnyUg7Z08cf+Ix25tzEhgkkDMOarLThTx9vuLmWcWF0V+fE71HwlFuAEWJ4r6z7dEAHsyuEC3PWBFpic6N9oSCkaYg/AUFGhcSBexibEtNg0Gs8J65qV2PIxl33UswwWkenpQfds2s3Hydn8XpOvE10fBQt0my9cgvQT8+iq3wdXablBYWIpSWpgBgFYGhY5EifBebgks9IZtMVG3+PtgqttwjVm97woyHFLRrdtjIENp3suZOwyf3FDjONtCjGgcZ53upnaw60EECZL1nKHDHGnKXzeUJuDUnbnW30KY6xWDLDZWfJpWKqjdK34VnF1+oF/A/qb84q0BG2TkVLrnLHuLE1PWaz5ikGJAKBRUpoCcIow4VCIaFQSFu7C15BoVBIKBRiWigUEgqFhEIhoVBIKBQSCoV0fKUl+0dKJHTwrv4b0NKtiZowuUyE5VBvEM8xg+kXIAi65BrgZkhtFHNKDBJMWGmBWT7U2ORTYPcfU+zG4pRufeS5HEOgIQiVrz++glM4SSZyFFtmzb4sLPmo6Zg5dA7hTKgyDNqA7A14W8YIABPpaCyp/0pM48xZiuvHinVKzoEMD0fZWpQmZhJFf0EpUPGTtibjAt48TZJMJQk5B9mqq2ymDAJc+JrzaaAsloDMyhKgKL2Uscq9+2652Ms7gifSx3QDsj5LsnM0iR73vOrtZrHq0xoO7Q9fvPF1+DkOMJSdr/SjJqunXWpHHxLqsuhz0/j1Ks7Od6L7GaAHp+O1XgCRtzJBVdTfFSV3aeu4HTNAkZOlULotcWHY/95PlbXuAT0FkbREB6tpMiNGBa/AyFbKu07dk/NJtPf2wfhbEPbGLKotkljRfXvpqma6WjrBAdVMLkTajw9w/uhrhv+vCMcDS3utIbYPxM+l2tw/rfVF5odvW7rqVgbFK7StP4z+693bt0fj79//25j/8+79v2yugewr0bXrCsmtHYY6yaFO8kZLxBbUn0H9GdSfQf3ZbEH9qVtQfwb1Z1B/BvWn3YL6M9RJbgTmVdwVUSyx/C9aiyd3jNfi/fimxd+CTqZdiRiZ3CwHTjLlFN0yO8VyQJ8dA9ojhYLOG4qMoaCz3UJB50oLBZ1DQeftCjrDHQ6Afw3nBADZ4WFe2c3qB8o5eXoRZ+cqDoFfUdrRLiV7qU4Ru5PKtx101yWC9tPQ/izy/girXRRtBald0QAWRirP8wTkfLMwWwdRudH7pWu+f2XAGd3DpD0/A+CfxtOPOOqHv/89mqjiFjTWr7+O8bcCEBPux19/7SyBIEPY65ipA5l8nibJrIy+e4BbXMRT6L40M4BjCe8tFnwyv/2d9RI7GsNLjlHPE0q7j4c4o1HVpcBzLtdnZ+lnBNqcbFbRt64lvDHzZ/YAcTItFwqJeKfOckRYUnEU52tHJQ9uX0cfKlD98JDGqSiUxG20fx+xM14adHOiVhnPlzBRmEoB4hODfUSAIDNofgmnf+QHg20tC2hqfQxUUIV5dhon/U5LS3f60Fzkl9E8r575OanFAKuQbiyWKy4Pgq7I9BbZt1lnZ/jfjqEvcgymi8+oUIV5m3nb4iNgGp7QmUxuApuh4w0A0kc8DWQkrvRLpI47Q0f+ZN4prtZ83csETeSd18GLH988echMKbNHctOh1FWksxnQRpCd50JqWC2norneONNj9GAC7UwRpzvbZasvJc2sgHmBrVzk64z9QJjFl+2rb3m5TIgBj2aFrsGBPXdHexFUENgCOxj2aETGRqa4MhC5DwhcqW+hMhRYk13xtObpIhVWy71XL1oWCywgy94siHzA63y6mvNo0Xgsdu0PdxEJfsa4cTikKzgfO8KFli63RInLOCWKTr4i8OATjdDFEnEm1hmNj8KrN6ZItxpZpIctsOUWNjXUsw31bCst1LMN9WxDPdvu9++AMTDUsx0OjFDPtt5CPdtQzzbUs9Wtr1hE/ybV/RxbQrUVazsu1UkxikCdyaWlayu3SzOTS21c3XV3FVSV6WUNvEAxJ3uEi+l+0/5qREcZzWtlipYP1WuK3NtCpahq6S+v6g4JNI1A9A3r7gZ5JsgzlRbkmSDPBHmm+/0gzwR5Jsgz7S3IM0Ge+VLlmSX6qLQxlf27I59WHBbUb4z2FABnnA6ZKW73qbE83BTDTw4zsSO7JrcX+QoW91INrML/ZFgJTMyLGQc+4j8oRrPZVWdUdWeCUBrUSjhJq5e1G4/GdoywwGEjdgUAbcvtEwTEmOzy6/M9eFZXskgA5xz/I9vcfQh3tinVDp98jqeYiy3P6B56bE0QmMgnyntvAZDF8cqkk070hNBXQETLMGNttuHcNt52bn5hcpJmu/1cd66y1y3c6tZx5o1To3HorcjxfXnoyWtOeTcp57k+//Od4xu23jQL2CowRHGxThTwN4bRLkuO5Mvrqr6ZLyu7i1OqpMXzWgo33pUfUZz6EM9mH0bRB3SABB7uA7lxwb8WcPt+oItCu0379D2o5sTSs7LlJtDCvuun4WI7UBHeY+ppuv60+ktM/XzaSNxfWyNexOKujNImubsdYh+HQ0ZHLUSWX/K22+kD6KywV7I4r3JClA9wwJJsJpu5hL3Ff3HSE7/aIV+TOhCQmRHkofjKk7B+FO1Llwc0wDja5/EOmLHgyQ0dRiMg/KDw7yEqH2jQpBzY9yBEJGXMdWEia3oq1QHol01x8UlKaSV+5k7kjx/QFSktjd6TnGdmM/GQJ9B6UhkhK+WEsV6udBiTBlCox2436J4v7jQliuboLzNkLX9JWJkjbrQgCKGnf4ZCWvnpeEIk2lIighDHZBt3d+Q1zmkyjbFr42005hiCC0p2cxEXKFTNTKUGAlzLPLxG08UpJIU/3Byz9VQla81p4yhRz/46o4S2+DfpMA/8wPYqOasInBfr0wkIm5YcNQbxsjysL/fwdJ6fHs6OkqMH8fE39+GP6Wz27TffH3/7/YPk+2+Ok+R49t3pt7Pvj2en8XeHy4/nh9NidvgRyE72CymBJuf5b54dH303fnZ83JdKBltFclJxFON1Rl2Oac2lM9+2aZ8Uhl/rEaUjFI6p3YaW2O73u6+2Tasgrqx8yrioP+UVa5RdGCaeT9dioJMd9a+XeFK95I2e6FNcpBgtpPht4mQnpAg3j3BLT9fpfAXP9K/+gzMWWU7uCYtPCS5Cmd3EGvJ/Tp4/Qxwj2jhokYNrXKqVXPcWq3HUFut/W/sbl0N39GfVi/LP1KfGb0/xtDY29ZpgPaDml3/9ytxVyYtfQba15yXvqfXn3sKmhMkBQrH6RBPsPFMqXa2l0mS7ZzUNydi9of5E0TctTmN15kPMwU7RNWZZyEro5/24NwDr/KqQV2aKn7TPEZ/sdHakf3ila6MNm2f1Y0GfyowxZtfjVBKeoe11pSJLjaaof7nDLlR3LaLeNXtT20rNoiZo7CBnRRJ9Qr3rjW80toajIojDMK1QABPxHs/LvPHEc5j29Gb7M5JYKXaXtU6EujSYPk2eTDgj7Snw1UnsznrJreoaI4rqDTa0tZ/mhnnCqW1bqyNcDzQW9TrDpLK/TvxuH7EX07UnVqMyMn2fYCEWzxkwdNGOBYg2aczHky0cyo6Lqdn35WbgbzulvHKW4Oychj+X5qXftdtgLtZ81Meb1N/3rkcum/wSzsVNIbgeazBq6y+3RmrsKaBzpf0DoLP3y36SyNi6c3texFu655Uqb+chj/Sso38NY9vm5nhLSSmdr3jMp29fbST3sStb/2BX2Yv1Is7GWESMJGP7ucObjp31XEqxXixOMhxw9rQzRaovMdQd8YJ8tEFU846txEb8k366T/bT1Q0ogt4osVWbS2VeygFVL06pgsjC9AFVqR9GESmZL9MyUUkbOgfCoFcuteZa8ln0xAYvKrZLlRq/fZpA1FUE7ua4IS4DW6OGcj3Qdt/M/Naj0921a4PPfQcbMkW/J6WoKp8oO4R3WYHuLgziajhkvSRYO1HA4ZnzMVIj+Kk1vW4zSZ6SDF9u48uuVfJKnGutrFJ13O9U47lGSSrtzqQ8MDuTN7MwhLFUE9WHxiT0WsYpe5qTxbssTdY6YzBzc0Y/c6YnRS9Zl4Ju8fUU9FphXyGu3dnnuFVzxmmkeJRnZ+l5/xb2sAakbt8ITRtf7gpNVce1jHh9C3UiTC8sXP7cDa7by4TWm+egmycb0ygtD5zL6OarNFXbxPmyzhGUNeOCthDjCZoSVq7bAzLEOUqpedTWssqKFZAZczbwZieN8nOe7CAItk+lNp0YDyptk9GLau2lslDnsnpX03+JuhN1+tPBzmSd5PzTb/p52shjR2ZeTd4jTmUJLMRFeo6G4jn6huv8hp39xq2b4ij3+hhrBmHGrdnDWj7MmX7CdR7K6DyXaK5TVGujC47erwwIlG13iF5iKQ5aXfR/PdfAysgG+ZpcKfAGK5X7xjZMkVdKzDtydw5KjdmW7lAntuyRs7uTXjo/tBNimrSXW1+MfVkn78ju3ET2ydb8kwM4ZQ9twK5v5j5y1rsTfSoT3z3SfjEqvrBUQq/tD6De6hPdSEfBNl0dHan7Ifevy4t8rnIss9dmt8IjX46ZRksAaJUpFfcxTp6clEhU2ccJD1vvekeWWew0saIrUyqCZg/g3CKXFYa/99ohcYWzORj5yRNhfKg6vJGdvHz684PXzok1JtdzxGvddizCYl4+pXH0I38UfXrgFoxkj9+YvkjjVK5P0cVKgCNPhJlxdvhn7SIXPXr12EkcfLXlw+nscKtD2xjWka2CWogrxUPjpbfPZJe8eS/jKxUDXnoYXznN2qNYQoHFsw0pBPpRYnE1j8olpqOTtmVgDOB6tQb5CtNOYxqD9JOUUzRv+Y5gMVxrtK28FD/In9gN8gehEEB/GFvhgij7/VqVTytwb+uCpidCoOh08Wpf5iWldeib6Y7cNAFcPzpKXXEbjGbYaQWvVOo+dXZJ66Yl4Pgca5GuKGmgOotwMgmypaLTHvEl2P7Z9i+7uob9w0432D9StRbRAhnhsI+D9lH07rveSZVQU4Than5NT57ANEPGhYKrTJ/saH5TkOq1m7W9OsR+1gsIghzlDPUDnbdhOMnWvc7yQ3EA+1QIoIo9s/ux3PA3jAeeZvWdxSH4GtglX8wg8Ms3ojFQ/+KMTAPwY0dr1WzP8/hzurgGTKr135T21ANYu355B+xhmoH8jqGmhZTc9TtwPr5tZk1pdr0w4/5bYCYPvhyYcSHZXUOKe5WjZAQ79TtTz0kkV7/8zAJJep7lTr2Caj9QIICigqawkOpsycrRMgFI7AtdlNQgldiyMfyLDmmhM35dJvcwfRol/0C7M+xjdu6qa8zNGRPWNShHhQFTtYK/MebLPDGczKEsanLerZVWrRebBPq7uueGR4J7IBB1ap0v0eNwqqhBbKcDEIF9bWuL+PPT69hS1a+25sSfVX0Na1s3Yl222V8hgEhjv/vG60wINe4D4jNa2zVAkTvuAKPSq+8QjH704trgeH0qtErnFjzpCjclExLMHmVrzzh7qP4u863Xi21H6rNrg/Z18E0Lw0naEOZT3+BtBqAuOsbV+Vik0vG8TEYNkwULSgBqrqmIwbmUkzEb4eDJX9dU2059J1K1dLvxXJDc9k4FTxg5uJk5bTiL3bOS14RpaXY9l4z0q3ENTuc/7iWTZtd0yaiOO8D4j3bJpNk1XjJ25xY8/3kvmesRzhdG9LYhvONLxgzid8mcY51Fn2uGO954NsOuGXtWG87jS7loQIDaNaaR+32fQQVfahhVKlaUIHjWWp4lu7d/Uacb2L+SashBsH/576PUoN31Tkq3isAXcPQ/q1yqdYaEN3Xhly/ophVm/jGXg0HU5glSUZ3dMAehOvLz7WjzBQmnq9Z888wMxZ0Wtz8+XC34Izk3+jwAVdsRMnkaGwdE7vqaE+m9HcNbrZ1CRvDvwabbn23DL+zIQ13Wg1Y00oWNhU8aKd4XWDIxDe2Mpq2z9K/r5FpEeqvrqsGNbQQsGUkWTgkA5E9uSrj3N7ZVSADsyjgvxgzcXQOte6QmL6QLpqb9AfgJZ9SrilSxNug9FWcKLZGgJX2xXPWHw2uIq7Sq6A+Mv8VYeiSdSwEbdGbCoOekWKTADvRnC4LNNOXHLWbO/Ch8BeBtb2fHB35OWtTGA6SU2ieeaQfuH/j5/Enf/lPfaPKDp09fTCaT6G9JkStns+s5a13X7XWeuo4xGcNLFeCprlepqyTsq2dKCFNJABmRmjO87sx4TOP5Ojuj5BsyrGZs5lf93BCwa8mS6KN411v8JufQbLryxkXVld7DjV61DffacGjD9rerE3nrlMLt0N2gX+Y8s9nEYk0xhwXSq0yH3j15BuBEFOkN/sY2j7PzdXzee6V5skiVdf+sp/pqrX3nTiW4UD3yOMy4TvcyvZcxNC+NR1W1zuV7J/jRg2CSWDzb2Yq5N5Y6lvxktS6oDhYGhopmTSHCGdYe9E1Z83SluRmspDeHLkD6UPnyL6J9zCPOYhPzPirk7SCiyCcdEz7Pp1aKeqAAnXhuwp8rx1Ty4p5RoCi7xsEh0KTLd0HJBPgDAosFEhhg+rHkTCA6HxLcx1StJ4k+nOX5B66bKFrxDzDp1fN4+WFkQE97MlUJRCilcx59mMibE+zDF+hn9T2TCa4uczr6JW8K5ctmJtPMtuybkvBOwoBgdw8ZKjzXZ/CD90SB2ueJZAJhzyf2hAIOPykAhpSwfQCuSSea19KFDWDe3XtvXKQmmBWb33orhR4u9MwAnUyQzft9R90hHY9PD6er+SEm+UGEPzwgV8yFKl/knfDQBgjxkHRa0grs/OoqYEOnM146xe5J0DUX2hPxJJ4DEOMinmI+zhEF5354e08eYamwe+8/WGDVBAQ7HHSYyFO3clYmD775lw8YbZfEhbAUhBUfNH75HRt89e096RCm6zWrgbzfAu4EuAquNSUbD1Gn1+rnWVou5/GVotYNSk0hZuplO2G4OHvSdan23nNKVCHotEjij7X+tdFAVdm03/QnX5TSflRZJsx8DxeEhVhhxg+jv+PEf90bhGt75jL66dUzvndwkItc6VmVaDnBn/auEWOeaH7iBnDHDAb9TOfAzSJfVGNrSI6uJIJqufkxAaraEvqAMKrKLuBPiFSDOIXXKaZrac4XOlMZuuP6DEZoEWxJZe6n6VYN8O00B0RQy0JGoTkPlADk/HHZVVziiFNnNN9W4bccuXk2jAXFJmcX5tbsHP67nq+EMhbrDHPwR0lR5MWob8tQ6SCFJDwnEmuv8OZEmOJfYt4dOrEd863glFKlaLWetnrQaSQNFteAHNlKGc/Zcty9usgs4iM71QMe2jbKGGxX3BgEgo0PJlUR4erDCCaMXVFFFqwEcGI1Atz790gX8ZmlZ3YFYTIr4ZEk0uQ7oyd+wSaq7X3WnP2c5oxGePTi3N/7N96y/TKZn03gp4N/2zu4FlIKO1v6008OZ4vIhkKpo55mhArXSH55gqrud0ncP+U2NUFeLdgoXzXIq1BkSthUMLHl8uTA6zDB0GpQW2r3RQC8x02wgIlE4OmIbn6vAb69kf0jcJan6WyWZNWfXwnTUf318Xo5x2pTifctjikRVNpAFTooFX9aZubb6wkctrM1JfeOZzNryZpdmKLKiIvvTOcp8WAEf9xGLmSn1c+UfUgiQlQ/JjHkinxWiKY05us3XZ+APG7jDXHd/k7v5+Av1ZYP/lBjxbWQjLUviauc+D1iaGocuMU79WdaM00nuZRrkbAKeLHJu6zoqMl0nufn8+RwmszHyJy+y9705K4zjdh7tP471ClJpzbFl7lu17lMaKLRB7wIPuhbzLPPdt0brOQ0X2d6Ibwszy65xMu77Kkl+VRAY0zDPbXm7WaUfMx+8SWOtvSKZvmsN+GgaZZ9mhkMTv6D0HuXYZYRAumEnvkqW+JspnR8hMRTXbqGtEMAAOoY2JB90/nBBwKXN/fVD9RW/bpn/6wtJBXaQdXhjx3yl+8ySgaiN8AXLxRE30Iff06u3n8YkZpOGEnMq1+D1ZCOuU/KlU7ngKtSzLWv7CDMaFkkjYLHBHiLImfvkLN1Nh1ygMs1WmBKwSuY3f5kMpHNb9lWX3zItVGbjwZgMRUpqFRojbbcs/S9giny7VcWGN5lGg47QGP4OwbReaTomSJF/sBggoWdaFIkXHf58F025kEHQ5j9rM/kkJUPo7+/o+vq3d7D6N0ebSjcIcs8Q8i/vfeXdHaerO69nyyLNC9SD6M2t/8ZHR+92/u1Nk+egQpfFTurd4r65kzZD4QwkP4cyRn/X7/37PIo+h//Q77BGR8ddM15kFzJZT1b5kvVWMu/AGHbv4dX6D0e710mHlue/VPKQ2VqJQMj15BGWV8KDSHC+1hmfa9XVh1bZAQGBSryLjO3bcnWVu8LezpfzwSVdUw03Th2VjytSMGVenYNp1quEOW6SleJDzjgjPlKaz/yENalreszqR+vZAL+QGaHs3d7SiRAfvXd3iQ6af7o36ll79b28hgBj5z0ibJ4DeBhslzcVICO7hDJRB2PTjQyN+XjZCArMdI7AaseRDEcOMoAqt+ejUynZ6sN6tuxTO1dRuU1NSZxGRHtyFMsog9v4/HfTsb/+ctkfPhe/j4af0///Nqbz6vcpoD+Jw1+VI3tyidYbSALxUg5oeO8mElq16oDkjgIXHiKipFM0rhTGLpDFOTeL7/ck3F90Q3mBF+RoRUoPXQGXVBXE92TvDPLV/zMs+d740YPcXmhuj+0H/r2+Msv5dz08bK6M6yLF+f9hUflQdWYE3z15PWTVz8/eYx5SS9hw2R6MvW/y6+/wthDlEPyGWuCAJ9XEZwFOtt7I/iLQongT88e3+1l6/mcP00z/m9c8n9JZ8t/Ag9erob0ikx7mqlJJTwnnF5eyB/CEw7pND2Dt9WS0wVqxrizeaL+yPPlkB6X8fRjfC5zo01HpTf/kzV+cEtU+EPfriNhdoQIwNGMqwd/Vh1xc2btl190N7/8Ev2viPlDIMFDdBPOaX4e40/bzPGzOqrY0bXMsUhmcE5hmG2mqTqpEK+Znu8A6eUD9vwBiMbHhExn6ob5kM9nryuKGLh6/S9cQPp5Ok2RHsXvsg+rIs7KVOuYUVJ8l/3xSillfc9B18RKY/xQ7rMsddE4b/Tgvnp4uptO9fT4kuQSrWxCgXX89PLxyZsn3pp9UruXKof+u6z8mC6XbO1DjYfietk3wZsNI3XzGYqVk2swmfhGXSAXhTDrfW1A6S//qmIVBhRFyzFIuGPM9dpfldhj1s3ueWowSI97Zl9FANWGO9z61Qhgg6idE5p4/IrTrUfs7Rb1BPp6H+Lw6JmLX7++QTZibgNNBJuY+m4oV79qG+fsV2147n7VBhX768/lr9qd3t2byfWv2qY5/1UbTJN7X/V4re9mGdezqXe81zPURsV7xvqz1oedqocNi/5IGdNNSv7Ip5b3Ol4G/CscVXQh4EyewFZw7ZY2hHjKKQuB85gj+oiZDz/ndKjVykG6oiFZptvAUJ+CMJSdM3BfAs2Sxe0443dQm73x2pVGWp5jhRp5gWu0dpzbTiBgiyNJzW9Do/1EOiMYfElQe7HoiPRxJTvE2dUpWRHYPsvannUOSZ4qqIJJZpwukjl0u1DQh20qNUz76hcPIc/UGXwBdxj51qj4U2vh2mVPdEyyfrd4Qs4c5Bj9/KfXb0wkpmG2bHgIic+40pEqjewcoFG4SvCObDlZfA7Ab+z91jUDxbvocb6IU/9icz1bUOlUMa/Kj2nGv7JtlpZj6pJMxQ8m7Qnefa4zIABwPrIZFTv8wR64JLaKWCgU5+yd9grKtmLvRWbj7cTigQV5vyDJVAXLWA0gmzd5o6qOqeMCnbQf3K13UID4H0k8X108QkO09zY2P7WKrz1vPHTvucolPXyZvuLBIv78U3ZB87nq4wK94kGHBYIOigAdylCeZFfR2bqgIJoiWSSzVOdhIE2ECh1GPQKgPnqm7z234LFnDhOzh+RA1Dvsnqogvaf5fulwUMaHarh3f54HJMKv0Ua6Xr5JF0m+voY8RvURVGwqilXJqpKskVylEYEH4jw2JNM5FVEqzKGBq0HAyOFf1aKhL/AKSsvsHsypLPNpGvsEe68uinx9jgTvw2sMRXjJ7qPF08cfVLBabx+or5+tJfqJ0gGIZ76u2Yc+AXFhXMI4mxZxTT7qIaF/99AN/ayItbBLLpFXCCkW6Ajk5SpeLKN9Uo1JmED8CSg4yjT9CalhsDxbFfk8ejmPs4SGhL7jOUhUsx2PJNt6M8syg2l9D92Llf779/oxKzUJ4Y+PMGccxvF5JWG7ytdwJZcXUouZlEyMJjANWPZInyC+GJPPWgsMXxztLPGGRQjfCEu7+8wwjSFYVDA12MkvxKbJir3u7Vw8vMmVk7JKVHBHnhZe57Z+RudAd1FBvWT1yIjx7CzFqr3sVdWkZeS5VqD415/zgDmxkhSLl8pwflbkC87pokBlWFtC9gv4H5Qqzirw0p54TBs9jKGxNVWWyOYpSjdAxqlcHfSo2OSTl093qn7UFUh99EwVbKMyAJJkX5Ys4PGK/xiksRoUFL6JcuvpGU++EKt+HC3TZJpUMyVJ6VX5EdaZFonO00MEY4A7lXjDqxBBCdCnqPDDP+WC/RIKAyRwRT6DI+2jCItEXc5rfDIBeSk9A0I5kd5gV97ef++nBMUoWCmQMlIRPrJeQxNSDseJdP9GClzmutoiLYhqj+eyoDXGRn/09DXfo5BDs4S/o/T56160z24yZK3d40npwDy76qaZHCfDKdJz4HI93avI9+ITgPgA7QuYFiO3OqRh0tLKflGfLMAbZlqFj9fAHMx8X7MmAM8Dye9RXkFvn4kEXuQgwDNrDCunmPUyx6DlZD4fK+enyxgopJ+FVG2tWHOBcRyYVG7gAf4Iy7yus/tn6HsTCgRytYpAr8QbTKSyCNw7izXwWFeHRJ0xNDsvysMZGoIOy/R8HBdA4VcJXW9Y6mMM7yEKkdPgYvYb0jOOcek+vjuD4OkqS2u3TeD5wjpTW8OzJTEAQAkDicpD1Cx8SpPLQ9RVwarHeGjG4sF7SF4Vh7+h/1wH+Mhj4zphSAPcFUBSMOnhruGoHHM35SE8oflapROpjYe0kNX4HG9t31eLeMYXWpx5pHXFds3UAHeLAgunV2Nh98bAP45JnAbGAn7f9fas02sjuj89fXxXUPvwN7DOHZOIAebDimYIfTTEKLbKF+nU+a3WmjxSAvU1JFxsDGEiw42BSNgn9QbxTzNYUAFidL/cB/wZZxJkawOJbKwiQgOKmgHnyLBGQQ0cnKpTleis3/F5np+n03ge/fgKTjZGQfHxbllBStoElgzVpMxMegbaJPOW17H5qbEbdjRlzJoyS7uinNGZk+bAMdKJgGDoMZzhVslMpjRhkyj6i0oDwO57ZkiMvz9NTNKvc5BDffzLUEJZl5LGJsJqbawwkclGEsbSgyE+GoYBbhE8KT/hw9TfiI79BIZhHhcrP73vZn17pLTldr2rHOJYx3vj8aIvurO5ol+tvHtfPY2/r+KsPwnSNVpK6EBLWuCzVgNJxQBS2vaP3nmkpZL56c7HpeIoez9VVr8HVJ58boGqTZMZMWN4hUe28ab/nD/BNEVvH4y/BaF6zMLwIonVzWSDQZlSFRgIJqgc7EfC/ZjiZ9HjDP9fka0HljVDw3AfyHC/Mnv/tNYjGa6+bemwT4Unafej/3r39u3R+Pv3/zbm/7x7/y+70TZ7nQMgF69Q4/86wRtiZy4LqtaJwdWSB6D7Q5UByJJL2EplIlfaVFabObs/FTuFG81se8FRtK/616Z5cz9pawYemTJH3VbZ5zVO0gjMwY0zt29ytwq1PLjfiy59hmPgJmAur1cF+vo5bdYVdKl+pgyX0wsgKMr5hl9R58JNjkuVhIvNSNLDIF8SXz5jdU1mGm1wUP4JFSuE5HrBw3KeZJTd0YBJaxwaC/bW7Ul+GVErUn4xOhZnsDOn8fQjJRf8+9+jiXJ+o2F//XWMvzV80SYrwdQX1ltwf8zyBfyr05GqMh17+TPlgoopjBMgGt89qCRpVLOlPDPpYsHG3W9/Z73Elkp4qXfs84QyaaHzakZjCxMu8y/XZ2cppaKUimrf9i/njVkLrmKRIKKn5cIkSKqGFMbF+drhIWi3r6MPlT358JBGqyjJB3gEqS55sdDZiVp3PF/CpCUdp8phhqAhXh8u4jkmLhsCFRzHjToti2miuPog2ld0kvT06ueJ+JY2hyrfvieQHezImut1v6Iw9BgYMjLH9gsIQ6hIS9eamFzklyBKC8mwLI+c+G2FyLliX0o0u9JbJJnqeksCd+cEMHUkpihfSWJU5SpCqrniIxf35iFIJj0xnhqwu0c8GXTxv9Ivka0EL0K0Bfvf7sdHir/4h3CAo50t4vRaMMbqVxc0yVfx3KpuSN5DGhXq6APHLSP3wxl2xUDCnt2gJ0cdiUpT9SuioxEx/QxPGY7UB7IvNIKQZHJ4AkmJJjdPF6nEofjs+IuWhatkguIE8EFSGPOY0XgsUqk7HP0LQqif8zlQ88fJCoa4Brxq6X5L9LqMU85djRonePCJRnDLVSvKaDmjWSSziT/WSeca8aSHrTHvzqNGOZSV78EFhri+rVX3iqOlTNrAGE0Tk5zccprusaiT507W5/N1+5D3FS4sNcc1uoGpIybBxmpHcsunCZY6WIPBqdaQ07C70bnodTbIfDpdF3j1KxFmnp4l06vpXDN5gC9w5mNAFwH162S10xDMRfz5afbDPD2/8FLPepfeGV53Z3DRnU0sd9ZyjY2HmcIFEjK43874qYUler8uMCN9Fglh5Nj0FJPde439ynaTQ00dd1eqeAWzwyYtOenQJCUrTIkjc0Z8SL0GzeezpLCRJ9pfl1y0UAXGCP7hTYP03KDpAWryyHNZ9ItEongRvot+ka9gT59mIqzPo33kYxGpE77ybDgfjNrUj6ROnF/GV35JYCSpGXkGy9Iw4xoGo1xm9iEk1awajWmnnxHXwiGhn5LlKI5AIIZhTXm6GCt8TWGpXsVisKkkzFYq9bRUA9w/+tdRHVcsLoFlllIrX+F1X58oJjbkVkfXUDqNfeFhZ+StKemJJZAIc+BTjEaZ0uaxVl6N1q9hxsY1VDjJJlWSMZBAJ2qKnepTcKm2VVjDAGsK7g50+tNydg3aslfcebSm3hEbzlLUFRbxopxw9VDKVz/H8ITe3hoXulJMvkFz7O/VaLyUXd5DjLovc0CF3ngffn848bfHqCgXl/wTKU8BI7u0K1GKRCs9u5KISqMloLOK9AUpjXfhgXrdy2jvFWmYRtHei+QyKVeYK/tHIOC+dSjIsp3lhp/HFN6Y4WQk55vZ/cc2HLBWuiEmUmvBYzTfJNTjiBfl9Sov2+tVhstuHV+IP3i9LvyquXzpvNAbKyqqxXJqB0djgPxsjZVX4lO4Nr2z1aobpdm99wkxQgomkj0tQRpdaUvvfvL5YfTtQf2m9b301PTMvYT9HR/9a68ilBsJUjg7ydpzhIZoMvYasxlK1X69ndQWR33Pp2vW+5Mqxloi3px4iTLt9xuhohjcATvyQLEjKH3aLInCGmC7/DzQ18uIrBXIWYoNm03t1duNc61KIIDWUJAWxWsYg4eYnQmFNJy53v5ZTjvJtpXo+AGxTwpLPOULQe/oR7L+zy3kIsd18i/6KKE7TbB5DaJBi2AT94gREORSCZIIF9IstRzrYp1lvmEasaXdsaRU2YzUMJo1UA065VtyYRIqrA9coNzVtBYWKWps4XUT4Y2OzlAivDnZRIZtO0JPvMIAEl/xu9glAUZCsxUBJuEYevxt+0H2oc5e4zAFF/JYIb6xCrEd7Wg1mjKyOZl5e2HQkXI2Ly5DRD1lZvsCajuJlvfMigs6pX4BHVEnvWU/rY5tuktSr49j5mDXEMnvYtToEyzdQ5tryVEVKZWu+R8zFnr8PBSUoAQQHyTw+shE42qXvW+rmd+gZd7HsWfIzq0qwdZYeGYecWi0csdnS0M1W5X6ih3jdFR8D2vf5fhTGmdzHsw7kRM3X13GaZ6v0I6w3DXq645NCAPSBvNzM05bbH5eAr1OKmbgrGDz3JO4DFH3YJmja2KOoGsV1S9lTmvh/bW6Cn5qdLKIc3C/Fczf/+Ewp/2hMenYdhmXjm0g/zq4aPmmlfRuI04d212JVcd2d+LVsd1qzDq2W4tbx3Y7sevYdhC/TtAbetB949ixbXrGN49nx3anYtqxDYaxb2w7tk1hvHmMO7bbjHPHthFIvePdsW0D1y3i3rHdYuw7tsGw3SAGHtumEL6ZWHhsX0Q8PLbBW+YZF49t023aOD4e2y3GyGPbJPzUNxn6NvHy/hGmmOy6j5nwnnY1j9muhdpalrSKZFt7FsRb3XUQb4N4G8TbIN4G8dYJvSDeBvH2brCfQbyVFsRbZwvibaMF8TaIt9W2U/H2uur5dVbzUyUnhV9smqvRW6FSL6Ur3L8f5U5W6O0nMaVpWZnUIinOVUYHZlbtqgX6TZMFXCUR2KGU/E9b/k/q1Kh0GkLsWUxYALN86ulLlaxQYk8+Y1qYWOozVkoJOssEVkoAeg2oywRyaTqWHE+lxFLxSaWeWeSz9OyKQh6ZTm2UHLOdMK5hoPE5EDy4dwzId03JQtXC3VQtVPsPM5Ei5pHKwVZy8B/FftmhuHNgeTxP3IwKoaVT32iCoQjGWLBb3PJ81ecyHBvnH+dbVUWq49WdFHmkkmydT3vKafTOoC8t4dDCwa75DqsSLPf1S6TBOyhnSP20FzJcwqMvroQhrsezeCGtb2fVC7+wyoWVTf7CSxfinu+2aOHOwF/tVXHp6qRVyxeWNv+Na7I4n3gl2VBW+T9uFUN9dl2je+SNHuSj7E49eweTcy4NZjjH+KfP0OmFTv90uTn7iOU/UFZOoqE3mY+TYBsycVZayMTZNU4X0nTn4CSEHph9kxj8kHfzZvJu0gb90yXf9LpoQ9rNkHbzplEpJNz8h0i4uTuk+AeIOGWFXUewaZtKK0SbVt1xrfu6VNoRT9kIW3DPbWnBPbdnxsE9N7jnBvfc4J4rLbjnBvdcdwvuucE9N7jn6hbcc4N7brWF6NNm6xF3g3gbxNuuFsTbIN4G8TaIt5UWxFtqQbwN4m0QbxstiLdBvO1qQbztaP/M0ac+8meIJtUtRJOGaNIQTRqiSUM0aYgm9Z/vkGjSzol3PEDN2Lo2p8oJt0P+XtPLlTCO/FQILqnYFHdpf1Q9Et3XMjo7px13cGVG5kU9E1XmduhssHVGn1XBoAbVY5JeB4fTennt+UjqXqceW9eSJe/CjvogfSwMrGf1pohBMlFe89tG3D7DAjHCpyUG0NFKj6LqIsFfgjuk1IQL8MKleGf1m76ndRkgqsk6pyvajEZRUuj3SnEzMXngYiDPxyy/zKhoUaZdSrmMMnXYOTi+hTvCKmHpnZijKcoqyEd0zVzFkmG9FfKidtILxx0K4k4ZdxeH9N2gk+hivQDMwxA84n+kX9R60v2FtamAr0qB/4pP0eWXQKS3r2eHGELM+UUYVtHJZvcuGGZYdisefNf7hkRV7MlYwhSe3CvpBFirQ53vI5As54/i0uHCj52WSmOBiIELnl7keUmIhJiMemtEuZWBCmqNrdDJ6Hwdw8ArLPcHfdwcYEvgoot01RmK6Ata1Y+J2kK7zGfkg9IV30YIIE3dXvE2THNU25QsBSKPUiKsdMohZOOsgl+do9PBBwIiKYsUAYd9XPOI+CServCM5gXKgq7oGdzR12o9DGsVwk4pCzJVeoxvsN//EM+7EaR/B1ruzA74C4k0hhVG3RHRT/j1TbEGaNJ0RtFPGVG4jeflKpvlixUqmYChxvaZInMOHsV8IuauyTRfHHqcuecYejDRvU5oHKvullaw4Y4XeVnq+7Mk61d0omKVR9HpGivpTWMMGzXipGELOidhZIyz9RzEhCSJJhTtw9tkpofl5KlQ+Gk6R5Si4DKsjw2Hg66jdLHMC8DeTv1Zz2a52Ndxy8Xe+hrPuvURDt/ywMnWdrO0iq36k8TnttH1CoI1P9B5EjBIYqUjffNMv9syXSmobQSyJrStYO/vvulYUnuI96fjU7go7/esRN6Kzot8vSy5EB8GtyKNEclVxeqCBI65FwpWO6StK8LDZHGj90pFIbT+6+fjP9KA4i3QXLGbK3Rx0Y3FddIBi8XW4Sg2vy/6JZvnVevRlLyLq8X2Z6RzNn+JBjyiAz/HRYqnvHzF9RxfJWdiSyh/Wr7JH0Ono+glHv3ZtplnDEuv3XcU64S8BlLoGNmElZDvbrJiL5lfBmxHxuKV0LBtcsf4c/mNFfZoZ5o9m1N6TXIAts1kgYHCwDZMPzZfxh+blwKtRwDANmTvNN+PHlXXJRNgo90SxhUZRORdZa2uDxfx52cUOv8wenD/t9/9blvw+VxBpg2BZMtdVaN5E62ptq4tO/JTcPUy5uq6p3FJBbb7QPsDcVPIBE/ZEto6UKppKjCxx/eZ/aFpNbiWt5/fT9qv3u9HtbnCb4gJWBC1r5QoXU1ok0FSKOafFpKX6LV4Jmdpua9NW3A6nYfRUS/m9GVwcUui2IagS6HEILkyyO3wvIgXsCwQJ0GQylZ4+xf28VsNEmPdWPOyyGfracJ6ay3G1u9SPLGSFg1kOtg5q8wtSFYSOVzKdJSE6s4PRjlHRD6maOMa+z5UMsb2RvVjZ8ayBI5+StOQsKXQtlPKxmaRqOOj+z3IqN90vCaZfB5G//X2ZPyf8fhv7/flj6Px97+MHr7/2vrn+4M//Mu2RNEtiGLbWBh1ArxHUMXWV894HO3hcHvuV2gu7ndkLtuCsq/kdAWQ1yUkV6/N4++8cG3/LWMUINtY/vpa/XTwh/13E+fzg68P4SULT9+/HRsknbz/+uAP1rODLVG232rjJfryq8LmdD5ngtv5uFN65scdEjS2XuMQ7OJTEkOijgRku7cedU53J8YjkJaVXNYnL6v3qglIm1YkJegRI9Uyc7xVlB+uujN3Ysjpnom27OhVsPNaK1zj5TKJC51uwNDWuGea/VKf5AtyuaNUlmS9X4W6/YDyj+iFddGgnlSMnpB8rMdVMHWQjTq0t4GsH3y5ofjqdpAY5ulA4rDyaRdlSZGepzrg41MFzzw4PeFslH7pQ5rNAZYfaCvNOVOHpJpclVO0yrlRzv3olI6uD45P+hZZHTotp+jnp5QBcfRYftFqHO34hc5BWdmfcMbTG8XP/23YDnb6vhHo+o6Oak8bvizxbGa550TszwaAvEjPkZWeo3eq9pnq6b16Bn7Wc+r57DFKtOhGM3tos8uYOko/If4efjnPJY6H0o0u8k8GUzLYRSsUyg0Kfw+8Qf53mzo6DXJzGu7kNMjvrs3jSfvKeQzm8qbz+Nz2tzO+dP1fDnAv8nVcu6O7eZMOay3uaprE7nBPdujwNRSiOuLTXI9p7U6k6AB+q2/NL/IVLISUFuyUrIPYdG+UIf7yIhcH0dXFunRq8Lmt8uWYibHE7tXuyXJ6kSxicksBlgYpppiBYqc3mw0BFeUnV7oJgUtJf2IP47GZp3BnJLFL9uW+Buwlf1Bx8ZKfalzMrmg/vJedvHz684PXHlNtTNfrMNeG6FicxYd+SuPoR/4o+vTAYwSFGW9Mj8SIl+tTKZlgjUUUI3UnfOb2Zy25RY9ePfYgBsOimjd3Gd4sAKVtvBrHbLZDSC2Fx+KVuc9EGK/I+WV8pcKFy94EuKpxJsNHsUR9imsI0iHU5qTlwChN7u6kbUloMFmv1vF8jj7xmK84/cRFFCLz1rBxLJ5tjbU7Xoqju2i/fhA6BLSOcRyujtKtwzNNuVIAG7guaKoUSa1tB8gkLPOyTL14BGwVnYPyyR+vea5jJppAwYu1z/UIYPzRKynBxmiJA1TwUGXTVPRggRUYBCiAf+eo+F+RL4A62XDOCe5aaiXdTthj3z3Orq55j3GADfaYNOPo0VEkYa93s9eSyPY6d1vlyhU5vpo6dxAfY5q5PuTmUAl9yd52K3A0oBkOS+sflg/BWPsQWM89AaT8XoYBdmDwUZ9ZybTNMAf7r5f04bwiwo/cIvZ4lMkxbaeo5ldYxzQxe22wUfKlaFDUv7SRehjYdwoDzcg9jz+TZ8J1YmFtrKbcrB4ATPTLO2OExaGCfOCpmtGQo9wvkzZXKb4eNwJRKdPUhKg8+JIhKs411whHHkGOpxGR1e/iraGM8vIzi23peZZ7aHdU+4HsVYoGl+slOlyzLZC6BLpA/iEJQGhfqLJkgYiXqbE2jOFfdPALnYDrMrlXJJZTFbkPuutZmWZlnbhYn5Jl31CZrqEPT+f56SGwjCv4e/nx/NA8MbzZoSxtct5nBFCtF+98vGdUG3gTD7iNNkM1GsA6p6Jr44xKG7DcDjAFBn7ITai9G65x89UY2hQXf1almCwE2IIN2x4TfD0ZTfNzVzTNOANdL6R5kA5QKxvIzkE9hDbdCKxvRglaGciCOTEfprpMgumLbP0nXIdL67tseF65nSpAb2RHrpsrXBgu2t4FpjANnm3wEXh6Fj2pc/J4a3C0X938xWImbEdK/NU8v+QEjOifWUTJX9eUWEV9J5oM6XbLGa3I8bNnQnhep8gumZltNZfrYppvADPT7PovQBlD4yac+H++C1D7XV8vpGsXYBXU/ywXYJrd0AVoD2TBPFyAtba4frXIwig97F24lgvQDOV3AZ5TkWyPK5A73nJOw65Ae25bzebLvQRBCL1OzEQZt9dchy81THYVG10Q6j2F+jxLrtcCSwNsYIFNPsd05CRGKVhgt99rFTt0jbstQ6iLpQCi8lm599cZKt54Ssp3K7zVQMXn0MoRGwKwzUOqogK9Rd5Hdefn89TmIxXOqudZ9U0uzG0zXGtxz+Wj2oJvZMrx9dRVbafIN8gMPjgL9zBDd1/UqGmb7YyCDyVskKDTTdwPfrZdGGAHlR/4iFc6EgiNFP83Uhw/sJ1ifrwWWrrO0r+uk2tXpljDVA2/bGNiWZIVKnQXoVs/fXIbapWhRt8KuYH9G+fFmDfgOkHaPWqTx9O1w1PfZO9JSkkGqkJorM3LT8XVSMttKjHJwGMFt1V+KYFP9FuMlWHSuVQpQpdBLCCTFIsU2Bnf+jew7Wc59kyJpw3ban4U7ghw3rPL44MhLpLUxoMlutqHg8ox3T8Y4qcr4wxd0haL2nBZ9N1kMon+lhS5cgS9/lPcxTTc1HnuGJ/PC+W4oawm8qsU3xJm3rvkAjaRCCQSrRZuo7s00RV4Zs/OMJO3GlyzbfMrX44P2NNkSdRZongsXhvJTJtLP07RDtbxDtRRbSt8MBzpJjjQ1ZW8depd4SeuukRKrqQ1RvleFkghMx1R/OSZ92YgspFbzjzOztfxueelO4gNrMDjZz35V2vt6Xoqcf/qkTeBwPW3LH/zhQ2XMLENLvaHbdM6MpUB69myWE5b8pPVushUNQbRkyrEOcOEZP7lZ7A9XWn+DKtVzKEjkNew4h+Pt59OkolUsyBuToXkHkQUY6mrl8xzk9eWOInOM6K9uaqHXmpanKEOOGdXVTgamigOW1YyAZ6GQGSBB4aZfiQmNTZZnoBvoKJGSfThLM8/cMo8sY98wMSaz+Plh5HZBtqfqcqrhDwpzPbDRN6cYB/DNuCsvosyzdVlTsSh5A2ienrMQps5l30TE65P2CXs7iHDhmf8DH4YOF24U/KEZXjxIGQSBtJNUmC2LqwVOBgHpSvNKy51TrjcgRPG4XCCWS35rbeIvAQMNT9AMxP2937fUWpJV9Oih9PV/PC/yzzDg3B4QC7TC1VmYtgKX9jAIU6YzlJagaO/8M8N3TkZDJSMgi9+nUSNEDyeY5rGIp4Cbwy4gkqZD2/vySOs4Xbv/QcLxJrUYIcbHDjywK+cp8mDb/7lg51+RC68Dxr7/I4Wvvr2nnQIkx4wt414VI/UkvW2DeVX6SVrdF/9PEvL5Ty+UlS/QfEpSNZKX6m1T+KITZeywoxBE8PsKNFpkcQfa6NoY5EqFmu/OZQArjPY7FFlybCKPVwc1jSG2T+M/o6L+HVvA6zcMxfcT6+embTAF7nSkSsRe4I/uXKj1ds2uPVEczM3jGVmYMzAPQc+HPm0GoNFeoYEdQyYXdpkA6hgHtbiVhumEsnWGRT8CdFvA97kdYp1DZuzhi4p4JtSEtTmMUK7Mm24mjxXCB5ivVANMPM0B2RRS+Qsj/XZoBwjp5brC+NyJYtu822VpoAj1s82YY+xybmHGTaHgP+u5yuhtjpXUFHkxahvE1E1w7kw/SsTY4t1zEdzOnyjXGKZZDrnHbOu4FotK+7IWLjo9JJGkMt9jmw11qA5c8YRdV1a5Ev2rgdUtJHxvMy5SBoDbRggtjy8F3GpinEjyCSNeom8gMknFYu1EHDy3zmBFsJulp7ZJbTJnIjHlgjasHk9GRKYptreZy11zGn+6PSBXtL7e//GW7lfJvOzCfx08G97B9dOkvvz2dabCrmNyFL2M+pin2aELjdEzCX3rak0ogqGmIDTFuyVrxrEWuUgjrEkAJPumNgIrCxAxEYrnW0txTBUeXNhhwiZ+COelFhR9hoA3RvZPwLXe5rOZklW/fmVsDzVXx+vuQZdMpBvwHQ0yJgjV6JCnQFEyD+3zG9Y3ydwUM/WmMJKyhuo5Ws2hbKpw4PTq2g6T4kbpB3BjeXUx1r9j1eSaBR1Pybr74p8qogqNWY9ZNL+IcLcxludCvtrvdsbfq/QYsPPNf5cOwFaDyOhFcqxRwxWTXYwvNwg7GQpUnEp6lImXAQOcfIuA1FxGK1vie47z/PzeXI4TeZjZLvfZW96E0lVGwk06JPiUEEN69FLWzWQv9DqbFpg9AGvtA+WM2Q2eJY1Jh0gcJqvMw0ABsegHomMwASfWpJiBbDaTWEYGiGbZpSuUvqHmBX0+rAeDepW9FiW3wQzVZzkDaH6LvuUxoP6pG2ZUD8fiJ6KtpUO0zSRpHSDuiQNHmaHT+PoA7Bp+2aIgw8a2FtivPEfYe1si41l0Ais6SXF50HVAZcDeZbvsv6kbNVmbTiBAsHwFnr6c3L1/sOIVKzCgC+Abg0DMed9qECae8ZzxSfNL/GjNV0gespHvrZsaynDjlfKkvWCKnAxeq2zKZOWco2WulIwEEbfn0wmgiCDSU0rgogrCt0H8wSBvNF5Y21lFQzWjqaD9HFc9IAlpysLMO8yDZmdQQD+jucxyL1Mewd12SSu2JUmmCL3lA/fZcMYd5qmPccFJ8aUesoPo7+/owv93d6we/bdHqER3K/LPMOdfnvvL+nsPFndez9ZFmlOhfz+56Auj4/e7f0K62vOWVktxWtggFUNm1mhmjX7UdEZoD9HDOdBvf6v30dH0f/4H0K3/ifM/uigOf9haJXbvrXQ7cOWuZeruFiVfwEivH8PmYh7POq7rL+OQrNRJmNTcx1o2RTEgnxh1e4besF5+SF4+xFxQ+nIogVYq+HJs3eZ4U1K9i0YduKy6Xw94yNl8l3QbWxliR1Gagq7gj3QG7kylbM7XZ0+AJoMPeY/8kCWIwTIcAWnI5Ufr2QaQ8kSO4++21OCH0oc7/Ym0Yn14zA0pw5YIaB9P7TvSIwbAnLRMClXWXUJwlkuzmBATn2gPWgoMRSh2xrNE+HAN5aBOLk2DOtV5xxtB/cGIDEMm57X1lxb/zTfZT9mjqqxbU3jJ9oBS+NsVyyiD1jn5GT8n79Mxofv5W8qawL//HogG1DhJ+CAnTTkA5nB4G5BOo7xrtKVbtUlrh0Gh+na2CGHtGI0R+OwZCjeYEbg3i+/3JOZkgYX/s0lfGHOSQkPkQzem9wbZvGq9DfLV6qfsT3W0HnO4vJCdXRYn3Q5108H9fuyimVscZLQJDLLsVVqGHP15PWTVz8/eYz5xS9h62WqMtO/y6+/wmyHqy7lY9ZTwrlaIc9FVGdvBH9RCCb8OZBpy9bzOXeQZvzfuOT/kjWC/8RaYKvhfaNwlWZqggnPD6eaF/KHcNzDu07P4BsFBC7dy13OE/VHni+H97uMpx/jc5knIQaaefifrK2Gm67CfQ8bIBJmUAgPUIa4Smxm1XG3ZWx/+UV39ssv0f+KmKO+hjl/HuNP20/4szrt2N11TrhIZnDWYbTt56y6qpDPYZy+WigpZz5g/x+ACH1MyNSsbsAP+Xz2erAgaRR+qs411YMHKhe/yz6YGoWDryTUFLzL/nilTBSj6iT1wEP5S21GVA78LD3TaG82n26J/LeyptDlT6UGZmySzLPop5ePT948GWgFIxMVa1agz3dZ+TFdLtm2jhoyJTsMUy6RAUWKHp6hEmByzSbIYTFpVIpt7b2xA2qM2B/4RmwNr61WbwNWM6T2WtvXfkWOVNvU8d+v7BG7Lth1L0haqjj/e+dg2KJEkt8Yw12oB9Ug0h9tXEGB20bmt80N8Tdao0i1LWsVqbZpzSLVBtMV/xpGqn1h2HCTNY5U267WkWob3hGeH3i/7HcPjuv1Z5xvew3eP/CYCvI5Hhd9vgbjPn2fx0z7rmarPuWjPDsDTrMzp0xXwUv1XSV2nUtUY8qcnHKMOCyBUrya+sBj0CyZiSLB3IpGc7mb90d54ddeayQ3ebmRVf1Gn9DvHiLiQp2xvfrW5ziRlgdOVOhCgtaPGj+yMtxKl4BXEDq7W7+sT7W9QS1LKmNHf//1q/F4/JUpWfgwqqRonkjK6E/HX31MMxjnERkwXkl/ppDpVzYv1uAVpkDsgY3MYGIFdpdmuIDxNB5TlVGglct0XF4B77Q45L9hWbBBY/yQe8izVZGjQ9v4PMkmyDeertP5jPv7pCb/6Why/N0Ei5Dbl9OUS0JOgN/k5YijXfFQPcJU1F8J9qnfNNCS1SnWqs/OywlcYQiVeodf4enCsWCaai6yGwVeA1cPo78kpxd5/pF+veS/1WawXxie1NSKSScQTCuHQaaHAJIuxvJW7SVSUVTAar2AETAPo0OeqkItM/FXyac0uRR00Agzjj4dW3+ewm7jv8+LfL18GHWBRWYjuyAXovr3uAb8KBIU418Vjr1OVn9k8NM7KCb82f0expfQu8v5uojnrg3lTYK/1vO4cLz4VcQWx4fRCwVevBo+WVAaW6VCrdPHe/bpOJ4vL2KulVYtOtdZ4K2bc+lcucSYoe+DjoVovlyasAlZMGoz4LjkABHgYyrVUhuVUUmPoHzKrPqnViQ/lUEtEspAb7Et7UKHRXsq9M/NuCHEJF29Xa5ONgRztVhV+cgWJg512qmsM0XQa0o8r10v5ZygNS0/R+5upg2OylUNPd1XZD4vUDoTo3dTDFjEV9ANWY3WmdWfGMxrbz9X4WkPbbc7RZGn+WKxBtp7dUikEaO08qI8nKEkeFim5+O4gP1fJSS7YD79MS0kY5+Mxew3Gslbbp3G9Ugnc8D24AmVEn+Wwd3sAnu+Jqjif6Ot4bxTYlYzHpBd+4PQBPAkUvuEKiyTFSebLXPYDEFwpK14By7SVWlUTKtG0N8jurWInV9ihrWGU+3TDN5ZJPNHgNU3vFdUBWeMm+C1W+16kQ4uRF1dHVvbSWtew3eVswefcZakFQbq5HWfn86OqrDs1kwomt1kzSoTVq9VS723UUEufZqkhfHHaHKNnXH0lUFbSPHHJFmWhBMUSWSK4bUfPD1eZmpYW722sbN9Spxpo5cXvtx1+6dt/HZzqt0SkQQqKFWxkM/8MoMzrG4i6fa0DTesrvpUAQ2O17lc449TQRrzs87GOGC5F3GnyN6TnKEVtRRewbV0KWp9YuJZDamm6hCeaQ3mlm9FM2Yb2LtG742jz9qudTMmfRnM/BSSgjkD6vUqXEv5ti7i6UfOGaAvHYOQPZoPFVajlkzi827KEAOq9CSmGKbGwv7UYaW/KzhyryQFsiSMqemwZskUCy03YDS9iLPz/qh2jGPfOwF4Xv2YTZO9NkpGwblKMBrpTFVZPs6XHOLGlZLouUlQEE8pJJPn4QP2XkVhk6mptwrU7+H7dSI+iV7r0Ce6n8mhoAdIr5NpoS4gFvuex8uyxzmkP25nLB33vKRH3AUM53G5OuHj8ybtvly4VcBZ+zICrAOGR2moVLRxP1nDdglog/3VrxYlkDo/V7mgkekbY3ztLuDi0mNxa2qzaqil70uVWaVduVQflYRTlvBa6LtPJklTViA63h4WPsrYPgI8prPleNyheLOnuYUm1q0UbOeVbkcNSH5LVT2g9ZNbEUgbYZloSJ59lM/Xi0xrbCpIS8d2tpbkLiUF+E8xSlEkbLciJ4owHQulZIom2uKlvse+YW4LRaRYjXJyruDKEJipaL5+1cs3QfUSVC9B9RJUL0H1ElQvQfUSVC8ecwuqF9OC6iWoXoLqpasF1UtQvQTVS9c0g+rlH1j1orQsyiVoMyXLtnoVa+P6NCzqvaATCTqRoBMJOpGgEwk6kaATCToRuwWdSNCJBJ2I66OgE+luQSdiRg06kfZpfqE6EX3HtvNu/feC9bmDf+PjJlyX7EeblITtRb7CcDdTA3kBhCwGkYayh7Ji4n7zw05sCYF3dyfwLkTcqT9vNuKOHrpC7Txi7PqD676641F1ikBxHxTvbF3j9lJRARh8t4KeMugpg56yQ0/Zq6DsVbN1KyWEIr2mlCF5sQlf9gyvbUk6grUI4f9lPlIsTv2L5YD27PH8udLXpKUmeFysKFHlia03/HSLqrIpp5K0GUVmN0R5wPwf5WVbrFftaSDcqh0awNRl6lD/VMBZ/6SqtJtX4Sq8+6LthKr2hqQu8x4l4Th58bhL3eFU3/lqak4cMxWSpJ5Ui20xFcaqXh+TqxHnbsuk6Ke87BDG5lwljDNyWvl1umDjo5iDnlyybgUiOKrc8rx+/EGrV/WSRQJxi5/OOqJewqmCmvf0e1RvehesejK0T/dKqQ8M+HqRLiU3eqKKVzs2gBvViNbdM4Y+zUYoi+F/nnxOVR6/x3lSwq/0y9bw4antCjqSyYkzfXGSaZPvSaCgSvpqSMLbcKPBH7xUN0aowhuldK+qQmV5NqaaeK39C/TgHzbwNhxKhuHa8KpQLaDDHJltdCHgjJ4iNqVTtyomKc4TFGemF6699Kg97qm38kte2JVHEAC66FxRnyJojOek85naL6cCx6Hj6VvY4CXRLfTMkZFtSPa13t3xO2bWnPgKkeoYmLp5RNj6KyBTihzGicojZT8TTaPVTedASxwAdxQ+xRtL6k5ynRQcs35Lj6LLi7zka0ezDXvwrz3KvNoxkH1M955i2Tqx2lYPn74cKRvqHj3bmwy+2D00dB0PK+iD+Tsd2OOwTfpYJcV6cGgsB5ISP4mnF20KQAWb40jV4LYMm1SB01Kbo6S80iL31gbxV8mZlQnNmJQ2sWe77DWbWmoUNDuJnaeNxmWd6bHL9FtkeqnDsCRuHnYGo2LrBMxmFgYP28JWCeM67AS7zRRnKT3dJ1hbMVVeaPVvPnZkc1UcAdpM8Q+HLwpquSgBNJ1bbWUdIIu1o+nY9NUBg5bdaN+HcV009hLtWUc/SLhn3wdbvM9PpVDNLuT7POPLu49Gmxf1XKRIq5lGu2fEppT1kRpRD0gaQly70Rlqaf3k5VO3EZUvWGJTeMabUGa0vZrc5i5DsK+48AytuVR7m7Rjes0m4TtmfUZVGupzxROGeJAc82t2M8t0VEyR10tVrJqy3/MJNKMppwcWGphKovKNasRIpet1qZSENF3ssHNwfAt3hI+q9E63O1WtdaXR9LVS994VUgp7e/XFxXoRc1ldSkOqq6AD8LCSKOUuXVHx4/g0X7N8b7avZ4eUYfHKiFSbLthdntp3vcxKUv1nbZZQeHJPvA/M6qimV5cSttqpcEdTQgxc8PQiRz65kTXWJvFY0gTNelilJzpfxzDwKoF/kFXEE7CiRd4OuGXyKcHaeNuCV/VjleTOsDwQFXuAOyUGIeIsNRVqX/FWTPNZMopKtm/AdVqQFC+1vNm3CW7DZJbCqXGUceLSFyslWmgKnq7WPCIp2aYrUxJp3gky3tXXaj0M7+c/vX6DwCaND4ooRHf4Evv9Dxi1sPkOtFyeHfA3DoMV9B0pm9ibAu1BNJ2RKiG38bzohS2xgmx4MDFDke1zhVud4nHMJwlXtKH6yB7n7nmcXUUT3euExtECZcLHC+7PDHe8yMvSkpjm6Ucg4p+AsCHZG0WnazxG0xgrnZiM8oYv6JyEcbw7W8+j/TJJokkG+DzhbTLTKw+kAvBpOkeUYi89lWeai6KAXAMk4FpyMPN0Wh9hv7tjqhUD96ckE56kh/lqfgBLOUO+kznCc/O7qkibl21iWJFMYa+xjoriIX34NXUlp9nqu2861iklPvu54C81zEkG/cdILRP8D4L/QfA/CP4Hwf/gH8j/oLHUqcbgDtkneCy0tuCxEDwWgsdC8FhwjhI8FtSz4LEQPBaCx0LwWPDhuoLHgtWCx0IUPBZUCx4L9hjBYyF4LASPhWoLHgtdswoeCy0teCy0wTl4LASPheCxEDwWgsfCBh4L15WR1d8dwdqtyoUaXAmCK0FwJQiuBMGVILgSdHBawZUguBJ4Tj+4EmwBneBKEFwJgitB9+yCK0GjBVeC4EqgWnAlCK4EwZXghl0JxnCUgYJM03lwM+AW3AwqLbgZBDeDWgtuBl+6m0FwMaAWXAyCi0FwMehgtZsXe+trwRNhx54Ikaov0rM8eYurN3A1U1wDER4xQyn7UjybwaRJOzBDSb1NhMIT1lgV3G5CPHQF1J+P/0jDilF8qD3IxV03lthJIizW29LEG0mAFfEVdri6qgqj3nV8/oyE0GZA0WBKhMLqTAo8jUB2myerzoJ+/jYlw+RrzY5ippD7QJodI+OwEqztJjRNYSSlrA56+tsYhfz5/sYKe8wIzZ6NRemaJANsm0kHA8WDbcQAbEMqeXmZBHpEAmxD9k5LAqgMvC4pARvtlrCyyDIiNytrdX24iD8r/dSD+7/97nfbgs/nUjJtkKmx7faqkDrj1GXdZNrUanAVS8chA3oaoz5qvewD7Q/EXyFbPAU+Jz1rHyjVRBQuxuP7zBDRtBp8zNvP7ycty4Eevh/V5oquOmuibNr1rKvRjQTwIFKoquG16V/UWnzOVftlbdoizdLFevEwOurFnPa73TS3bIptCLoUSjCSKyNGIn5exAtYFgiYuvRgYR+/1SDB1o01L4t8tp6SJHZmBNv65YknlnVXKOWxr4tiwEHWWiRxRpWNeTpKZnWbavFDJTFXLEfJZrIytjeqH+tGiC0RpJ/SbOTaj80iUcdH93uQ0aeK4TJeoQ/hw+i/3p6M/zMe/+39vvxxNP7+l9HD919b/3x/8Id/2ZYoukVTbBuLp06A94iu2PpKjI6jPRxuz/0KzcX9jsxlW1C6pGlsFUBel9hcvTaPv/PCtf23jFGAbGP562v108Ef9t9NnM8Pvj6Elyw8ff92bJB08v7rgz9Yzw62RNl+1wUvYZhfFTan8zkT3M7HnfI0P+6QqbH1+kjALj4lMQR4n27dzSAnCjSFf0yuOg67Y7pd/hiLFitp58KGOe2HsprprstqhiKa9SKaO62eSb80SmZ21cmU4pgXeUHlea0h+EG9auZXPqUyB0WqKMuj3OjlenqB5c5fJlRz9/AlohT2XflHMjtUqpPDH0Aa1NopK3xFRIrlRVyqDWYMeGn90iD011nmUy3VGb9ShlCVSguhKiFU5QsNVfGOTxkYlPIiWV3mxccm/9RKbTJ+G88k3JASEjhUBQ/wZRR6CTfFNlr4SkeWGyCCBy1TWtnJb2lRGs9Gt3O/7QP13TffPGh/z1LYOJnZbi3MMp/52CDeUBZjBnuB2lo5aZcXKdxuL/OZesoah3g+z6dtp0cG7dWsT9NZ8Ufo46NDgO71B/eXLR3cvlsqGlszdcC/UxwRdu1xvojTDi1YZR/4RfZwxGtWvu+Iq+gBgPp46/2XjqKfn74M+9/W/XBnaxFjXs7jLHkiV1m/J17jk7q2XN+K5JW5ylvmLNcUbp+xd0rfwGxD50NJ7UVe+lBYxDF8ld13M8EtRT1Lpp5onWKRbyOUX/oR+zeKdm86jW0JczfWjQlGLT/jfDfFsFfJ2SbxoLUuJOYpX4o3ZZEAW5ZgoD4FgilZeqz14lXn7It8Pms7RMxnGNvv0hKg2LVUkJPmQa/E7XwItl6uoFUMaYUJ4oOIGsbdnJbc4YvSg5ykJSdZbwt25OkZT4L4bYZ7mkyTiqxDxqAknsmPyGIWiTwbMR/tpJpGJkIzCwzxiQL3/vfrH18c/ikXbT+ackv2nKC4lJGWhIVpfE1eB4s4S8+AGZ9IbwDPt/ffd7FFaJUTvS0Z5djZQUQFhW0pm7sj3SPRMZoosDuywEtawir+SLQmFtEE/Zu6rpQ9xFtrmn9HQvXrXrTPgSl7+M89noYWCu1QBDMdNk8W6fk5GmU6hiNyjez/Aemsz6Ist7qgjnGfhN+cNaYHUIS5VWHQMRSwosnn6D7HRkCnAKUD8bcvr+D7z2TnxMCmjB34YHUX8ackKnO06Cfz+ZiFgll0SeGOHeOoLeLgwGVcrJwiuMDBfWi642X8zsufK1E0rtN7a/KdJyS642P8IPGiEjYzGBJGk43AmOXTEuGA7hzlYf4JL8vk8hAZSFTXIjKOedfLQ1INHv6G/rPpwlnDueXqqZPbAwGOXh5uAgF1kfrfXZ1weF2/nJWCDc68YoVIk2ZR20U8Y3IcZ51G3Ws+OwhncnuYXo2FLRnH2WysnVmn7ex9D2DX6VbE5aenj2/zRMHsNzhQOwsBhdUUMQyypl3bkMdsdMIKxU14S5uTbGO/6rxldWhhLKdK5Z1FZQxMjxo5cJqB0wycZuA0A6cZOM3AaQZOcyhgA6dZa0M4zSUGoLXArwI7fsmKPKNUIMuCrj7Lb0hMG8C+IVvRvlt2djkKj5zPI7Qsx2WZTzHecibLarHM8DpO83yexFUPuC2zAwxJCXCjeQDEPFTxR592KWhDEgDTQhKAWgtJADZdcEgC0A7YUGtAt5AIICQCCIkAbrvWgG1Uf4o+8/Ec3UMHOH9YX2nuKDWaIe3H0TLni7iE3UgQw3QfQzjYuk9APOvLHtZ43zllTjMKbw2b1BngKYhz7D3VQiV8s1j6nNgf7LHIYbLpHW3zpTK3aMaTa0fepyvyqbosK3IKHAGLZl/kl0Dz4UjXerSU1lPLPQPIb7nEFLV0tDfhd+MVy8/dblxDsoN6+WtVNsCMzzaBsyIhLf1CZQS1XmighGk1Nb9S6EeL9PyCHKUik7faTVocUUc2mnvdB/YHyEImxcKcCuRgKpvcvTgMQEiJpybMw+WcXtUOleIU3KtrP1q9q6+sqnoQxTd8nrIurLokJUCjYnjaqrvWvt4dO9hFI1onKoM/75IL+o9+tQclASSljkYvJCPAWbwCMRNmCZuyoIgCzDwo8lNLxySQck5YlcsEOSiyPOhpfQIetiiQ7ePxuxbferxk6q86ZATvtQs/ejNLX+Uf4aKS+GQLx9spmRUFjhEayyJZdfiNO+BUN0b2X28tX5g8mZXwfPu99iU4kbr9dO4iXZBOO0LxLXa+IHm3ZbZUuSGxLqtdZgaiAKhNsJQ+rLvEKjGHHyKbrfR6U5F72sjik8n5RIV0jaJX6yyjP94QmSa5fxRxHFeUrKYDkOzLL8EkI+2w7tKXHmDH6L1JgF0FjYdE21mfPbbmR8oPkvMUOcVU2Kggxgs30+QoSz6jnRsoSmmzBSF2L8Tuhdi9ELtHLcTudfQaYvf+CWK3QuzeP/f+h9i9ELsXYvdC7J604FEdPKpNCx7VAofgUe0HieBRHTyqg0d18Ki+Mx7VIXYvcJqB0wycptUCpxk4zcBpBk4TW+A07RY4zVr7J4zdg2f5Mp/nveWSW9GAblFAv3hZrufiOZfoHus+Hm3Y8eLHN08eop9wWmoNNMIoycgvzlr0G+m1jbdMYmKXz9GAcDaPmTecrtJP+APnZZ+paaGhtORq4//eCmY06UuH8OdFen4BTAEWPClSZPXiOTv24Q1P4RjpSnxuy5U4p6A5P0U2Dt9vs0j1lFnDgBlfC5l1rwmgHuHninEEQJD3UtLhqUhLFshuxKL0ewi7/IPxyamgjfb2dht++uGHrd0ToXNazgI9qi/lwaT/HXP5OMUP68gltR/WWl0FOk6Av19nEi+JN4413iIpEHctq1iBZZNy8hkzb2ofFBsHKu5U9VYtSy4HAh2qzgi7iRNuDWXQjuYg+Szn7kJP+iKdqQL2FRyFgZ8zzLi+VTeQfIratdRl6HxxkIM/Ny/TLrYhlZ8qcxZj1jrTCoBZ9DG5EukNgwPQW1JhQ1zTN3C4Zc9oVEoMqZl4jK3gSiB5jnqmnS8SWCJcUFY8lHaERJJzReZ2mHTPUH9dJ8UVEXHs1QTtknGYgrspjI6qWlLkbuftVW01XqKdlcBowvE5sAjATxkAO3vujYXgZtfd6Gp3CL2ec0iJOMNhtRfaDgmXI8SpcSd5cR6jdyC9p2pe/K0PsfapGgVvdYJlWg/0fsIcAIXiFXlt4KOc64wVCQaIslukxQr1npdZjwuKtfiBqMJ7uz2WeLwki3eghf8+q77U/ZStF6cYe3xWo9wYn+iE2VOm90xvMFo+nY8aN5lWs5XCWTA9UkHiZvBXMi0nwYaLAUu6wm2wXiD+WRUQrZkb9IhmeVJWGSx1edXqzrkW+hekPEa7FJ9jWM9KtGptVx1Oax5PP5Ydg4nejSGnfJTT8wzJdfdE+l02sPVXJOzBN4QcbM/JGRD9bQQ+u58IyBpOnxTj/Ltie0Tjqti5nPZvASwLReQilJHV6aoGV92Bs7TAfeHQ7kxxWOi7Ps+vFm1Outz8Ei700NxP3goH5MT/rElLXW/uEH9654ASMPS2zbZJF005DS5eFtspZJp4DrkSKBoRX+FvmXJ0dO8h5Hkx7Ly1j83OepLG5odsrsHSS7gDLTjjoAzCpjoXQ+/1eQIOuaaf15egZN2ab6/ZMBA+QfCjuAm2EVFugrPKfqm1uMU71Vghzr3I56UWnYFljJuzVDfBJSrPAd5nyfRqOk9qH9p6C1dglWl+zL5TTjZtGLskneqb1JKuG8tnGUaxTUbKbtuLPk6lmtqGmSUrrsXgLs8vUdmK2uWqXiaW24JVjKaTD8qFDfWkE+rrQ/9lis2be+2Xy7kN3bZNZfTGrvbv1PWJ6+5xfY8FNm9JWF7fQGDh5r3x3IZuK03uRiVkbjcoJ3O7LmmZ23XJzNw8JWduPvIztzuNlDclV3O7Mema2xAZW8Cxe0mb2wDc8n6125Zs2lCcUC4LnI0u/SsK0KZsuxYWOzk9HwbBkswJqYjIUca85pClxZO0sG4gcqNNuHfQ/QQDxoUbho9wmSMMDT+YYFjiFGPPNaME8zqnEUlgZpaC0r8kyNJ8ThfrRTSnStTuUuDYtB6Co3su4vKCjtF54s4QKF/7EoB+NQy3oejQrZKpcOhwCPLsXJyZVsKB96NCp56myaJ7a2mi/RnH/8ls/pYU+YEHn9GmwKHsb3JzIkKurqJ9yrylcxSsV3k5jYEgHbDhD1mkMlXZXphRQwkC19A7CRVqTfDog56fzoVbv+aFW18Jcmxj5tydb2TuIzlA99gdXObsxBUD1D79sVJ2dNicfQt/h3SxrUsO6WJDutiQLtZ/wSFdbDtgQ7pY3UK62JAuNqSLvUvpYkO+1ZBvNeRbpRbyraYh32rItxryrYZ8q9JCvtUvLd9q1RVB7iH5ccQiqGLarNSgKKGuK6EvcaUn+dlOe4pOCtq5xVZPchbTlq8b4LzbKVrvaCLbFk83KwhJfB/MnvftXFWBzFP5ufJbAzAqTe0pLOyYkXiDLLVDEtOqDkIq2ZBKNqSSDalkqcWsGSJNzZ/iVgG3n9todGI5fZp717Y8wZEF2j9fz8SkkSBishZeawyUzsp81xoNxuGXnfpmUl8iQUQH7jWNwET3vjWfjY1bPNeT2vpVHgiJJRWtYFy7TarNshnl2ucGiJsNW4oO3UR/oTt/swMtZ6UzK58GZu9Ac8InzAI5j0mdbFa1r4xeBbq5Af9eRud5Pjvgy5a8f4gaYZ9Vh9B7pdUNukR3K0qf1lTFJcVaZPdWUfIZPhxhoKuSrlbiUwAwXrt1x4Bj+QrO7B9zmKmt0LLGIQTT/wKkZ8/hBwVH2V5VtFm2W1XbFneqJxbx52fkffIwenD8XddLaaZeOu54ZRmv8JJ8GP3X/tt4/Lej8ffv99+O5a+v1U8Hf9h/N3E+P/j6EF7af3sy/k/57e1Y//3L5P3XB3+wnh38y3XoeyvoOFRlAwB9Sic9avGkcPkhVOLsESkp2B6d6FodD5xzbPbFI0OPdZVzSPzd3mtI/P1PkPg5JP7+597/kPg7JP4Oib9D4m9pIR1jSMdoWkjHKHAI6Rj9IBHSMYZ0jCEdY0jHeGfSMYbE34HTDJxm4DStFjjNwGkGTjNwmtgCp2m3wGnWWkj83b2UkPg7JP5uTfyNo73YxSVV7cnOvVa5unpX2ZvpTjxcMnso9keWwNsyYTeXlML70ShuMoc15qMTXDrYvCj6mVNTwatwKjA2i759/OL18fH9B6/XpxLFwhxpeyeW48r9bx+0v9LntmKcVrRPyh8etnqt/OGh5bfS/s7B1+3OKF9oqngOa/qPJJ6vLh5dJNMW35DWCbqTxjd6VaF5msiNolla6pxfePcVIN07+rRSvNj9VnxTWhMC6vxDHgDzAxo2XoU7dc6wxDlC/GWWFMUWt63Y5HRQyW3UjbOKi/NkZYWq9Yz49IwjIR5GL/K2kZTDm4zj058QEpVP5+BhdOLRM65VUx4SOkn+bo1TqjTZb4sbqCQV5Bm1TcAaipJbZBgZvsF60SmxY42YEcokLGDfTNWz5mlIzcK4i6P3DHiK/g8IrA+MLB/ovkC/SDxE7SulZaYqSilWvrHuVEF90YyqAXX+Kbug0TozI3ADOeLHFr2k3cbeOYfMuzvPGX+CwcHrgjJSFAlnVBDYkZ5E5fTC0wlHLYerbe+5BYU9k5SBU9KRO2fPoHsqe92eypsYSXfubaqw7gC2cV6MGSIPCS0cH2MA/msgGKv1EgNi8nWHu4Zqw6DY7N26ACg6kbJccVo0SieDNKyJvT3DrHLtsG1oZbRWe8EktJqG9AXMDDYTPXsN1egb5qLI1+eYU/MDJYd9Karop491htieHpBpNcFLyUrr5SzH8wXw1obj4mRylMW5Lz/b2PJ3rqnSKQ+A7SGuYp+ifal1Qk70mir0JT0bV31AaEDoGYgYhsHschzZzJtYkhlK56jVkWW6974dtv1Ij4+QJ1073LFVgxvkKl8D6S8vKNuFsES2ODbS54X12SpXDOtsj3zoeC+RtAjdGylss0tq0NJ9q3HJprceBXawiVWIs3Rn3VHuveezfhbnCSbS0T5WI8aqM7ijk9nIwYyKbqNnPOYDEARZcqnkOR0ApdZulxCi7BXwPyh8n1UgJRKZSvXe6mtot9iaJtst5uknTAq9XiEltUKB3FmWBPyeyWn7zHB2284kZ7cByXB7THWd8/PKmXsTJjy73Z45z263adqz2w2b+ex2gyY/u92U+c9uG5kCK7DyP6zdJkK7DT+nQ0yHdrtlM6LdBkDRJxf0JlAcYna0282aIO02EGgOra/dNoPcIJOl3W7UfGm3AdDzMmvabTgMr8vcabc7avq024BN6TSJ2m34RgwwldrtRs2mdvOGmHey/SGmVbtpDcYjR25muw3bnJbuTeC5KR5VC4gm3kdnWesZQiV1jUkVVIus1+NTrZBK+DPlpFycquo+cc8waNmcxvPox1dweifJRI5wy+y5Vg1LbmpKZh7OYXrj37ANPR4/NfbADiGLWU9laTmupASGqrJHJV5WrFvrHcyq9od9K03URIoBKn7X1uBcxJihP9EmlXOQEV2aYBmIQ/XJgxPkyoSSBUvGaFQCqswqbqzol/m9K6K4k8bazSP43W6DyqysfDSsm/TrSMpgt+tbm0/2f2yO7KrV1/xQujMjq928yXRfaCo3jZ+vMC53l/R4gM2hWr+izdRQMSaUti2hZxYoZrPkTTc2LhLH2Pupsu49oNkghpfozzNNZsRA4RUc2UaQvhP85HwS7b19MP4WhNsxi6Wc2IPuGBsEyiSnQKBzSvch3H58IEkVKU5aEaMHlnVAQ28fCGufmnj/tNYfmX6+benOrTDTrgjv3r5Fh4J/G/N/3r3vynHBbUCMtRPjb6M2/CPbmUHlHn/uKBjvGDNtvv2mRV1arb2oK64rJSlXXBeDNXq9uEYs9XqUqqQ+g9spcN81YqgXH+rFSwv14kO9+C+/XjwKC5xllLN3Ollp/y1v6VZnyMNE8VierJail/kRvMMXyxXXJ0BDIb1FEpuu4S7Xm2N4TC8BCHbGJeP0F3xNFR/Fr2smE5xEJ8aDABDiiKeCBOhKv0R6f3L3SVx1OxrW6hKTTM8cKOJx4AiaRZzufIesPhWjscoxRXa8yNcZayr4dhXQ17cLpF/U6mfRDLti8wTVn3CMTA4bDCRTau5oRGwqp8OQwUiQFapA/VvF5lATQVObp4tUyKprUHYLf9GyaFP8mniBD3g0p6s5jxiNxyI1fdh2A3/G1MZwKFaAizvex5aut9zOyzilrIykbYAHn2gEF0liJ7wZzQH5P+9dlq71RksPG+60x2b012b0h353PcZqiYPeYt2dpRcrDL6yZvsWX3TyqG0VFht5kmwUwbSN1VAEFfdgHIF7q3qTVsxSmp2jZnRlPCdkWF0Gg70o4unHsmMwMWMr5R3LtOl5hhxq90T8yjX6OE1+iosU2UtffNLv1xmeKQgg+QI5ngEym/KfWyJf40IxP8lFOYsP0YnrbxocnDxwplg1bY42HAOeW1Acyzx/lin0bJA48tR3IHoC9KvRVVo2cpn3KeAxxkO+th2NW9zwP7AC8IMv8Ibpec3gP8AF6aMT3aTwdXUUKwclO5Jw2gMNBZW63IYvXt+93mjcHqM5gJL7Paz5p830kxEH10jeaxRY4SZaKOkUPdBz8Tg6RfXIIv/EdhWixCDYWm5ZPqa5QcppP++C2kbYbjcKUXY+MyLD14UjTOM3WIJKFmyuWHVRSJCAdRPhO3aC/LrqyD55Cv28pjBQ1dSc/V8SdiTCultYKG6Zov4kQwwrPx1P0AOt4ugmBItc02gXR7rInLnVx6x6QZtUP0HCdhEXaC2fmToCxCS2TYZdAqY6eTxQndl6qjxKucI4l81L48aU+mt5Y2PLpC6qusxLLvesnK6ynEfo5UtMwyQvtuvBxfqUagJa9uYyPS8P6xM+PJ3np4ezo+ToQXz8zX34YzqbffvN98fffv8g+f6b4yQ5nn13+u3s++PZafzd4fLj+eG0mB1SlutfyA1pcp7/5tnx0XfjZ8fHPsakig1c6bPGkjh7TEsue6MVsPmbmnpKSfNLdMRu1oI0LPlzdbq9a/LPBT1gfT0vIGYBY3+COoxtgmDtfiK485HxJf9w/l3ROHGJ1bGnxPkvgOZR/cqVGMS7zmSVdz9LC+ToM4n/UoaBma4e3x0+13ExX5C1LTpbZ1O6/nd0A/vVQ+65/3r4f79d8hUKqjxnR2eaEyUtOXEx5Hav7SuVC62jE3W10S2VmJC+Fv6zHbhODt339r8rHPnuOXEfDtyf8x7CTd0Ip32HOGwv/rWPo96Kk/aaQS/nPGSPN+CUb5FD3oAzvgsc8d3ghHfIAd99zndrjreP03Vyg27O1pPj6+Zkh3KwjrkO41g/eSfCQq1+S5m+auaSjdK+oIsx9LYNEyVdNPMHGRMP+kSSU4PYnKlcM77C37KevqN7j+RDA9KCPDbcsKfiuPkhR3oqn+IWPttxkuQedS6G3utTtA65lp7Xl6ByMNVqzpgNW8YF4DjVS+TcpcgmwGLt/VJr6UvTw40jtbgX+bzUKZ2QHDdnqewulxjVBfA+S6ZX03lS+9BmQQ2FdE3GVwvryN9k2lCF2lQ5btVD8hrLZ9ZW89wmL1LLXvSrWBj+7IbD3hgobMrYBnd5fm7Bw0d9gG3B8R+mkw+qtALlHKC+PvipiLyVoZVS47veu0rnag9r9cutwOWymRTGQyf9HJlz3qGY/L+k0x+qRdQtf7C8QlM8gxO9IToknxK3oWC9jtxKssitMyw1TuUuTTw+GZe4baK2v/nsS9x2nYNJ93rDmZi43W4+Jr32m83KxO3GcjNx883QxM0/TxM3j2xN3IbkbKp+4Z3LYJPTfCtZnLhtmsuJ2xYZnbgNzevEbRMY31COJ243lOlJBts63xO3a836xO0Gcz/pAW8kA5Qa7cbyQDUH3CIbFLfNckJxu+7MUNwGkeLBWaK4bUJbrjFjFLcd5Y3idtPZo7jdZg4pbrvMJMVtiDxAMxiQVYrb7nJLcRvIzAzKM9UyY8/zg+2mc05xuxuZp7jdlfxT3G4xCxW3W8pFxe02MlJx2zovlUBv6EH3y1HFbdMzvmm+Km53KGsVt8Ew9vUxxbYpjDfNZsXt9nJacdsIpJ75rbhtA9eNc11xu7WMV9wGw3Zw9itum0L4JjJhcfsC8mFxG7xlXrmxuG26TRvmyeJ2a9myuA2Ep7dDLbdN82dxG5xFi9sm23gDGbW43VBeLW43kl2Lm1eoFLfNjtmN5tvidmNZt2S4m8i9xW2omD4kDxe3gRmruA0m7oMyc20+hmeWLm43s3LfYApuntm71MtDjolXJi9uAy8P35gMbENye3G7ZqvUNeb54naD2b643UDOL267zvwlve4m/xe3jbOAcRtw2r3PTH9eMG6D3VU8c4Q1/dlUojC9WV2uX/34d/M5uLgNuSe983HJ6xukTeJ2A+b3m83Txe0Gs3Vxu66cXdyuK3MXt0FXqU8WL253GilvKrsXtxvL8cVtSKYvAcfu831xG4Bb/rdTmr1Ce/9rTlS160vqeZqRl4rhuCQjFklTrCojMyswIspRTtlK+eD3DnEqHgv9m2N7DRxF+2oc7QxnpDbt24AMYJmjZap057LkRjo/mEsf5+OXf4abvxuYj85+6AYq4xVe0Oss/SvmJ5qhAhHE78Lhn/rGyxsf2xs78RERCLqwOCqqMWRpOaG3+OrfK0n73TvofjIBrnmqPXxwmaMoWU0PJtFTIBJxmRgzIXo20ohkIBRHTGGhlRvWnCTL/qwF2qmEVUcXcXlBJPGctE8785YelNiP22DMuN0kf9xuM9Uft6EJ/7gN20iv5H/cNtrFW0kEyO1W0gFyu8akgNwGbfKgBIHcNtnru5AsUKBzN1IGymR8t6o/fSC3oXvTnUqwEusGnCKQVfE7WkksWz+qd+YXbCoHvLMLRioAQmZz3K/uac86iO5RSrbEa351Fe2jA5COJIrXq7ycxoB6B8xhoRKBw5xViAgH4uECeiehUhoQMPpAdz2MGuAZyjy9AQNDkehNNYZODaMC5OE/iGboGJB8TkvaOCtGzMPniPwhs90mmLMUlDfg9GrikCiEUUEot7w2ASob6R4Zv5H1sbtCQIjCRjQZ+XS6LpAPSYVBMiGlJg4SiGsMWyjn83Xip90Yaj4C7vVp9sM8Pb/wNtR4B7BgGx7EYn81yBa0qY+ABQJjMWYOdoE3CVz4Z/zUwiK9lxfxcom+8JIWA6UFvHo83ZuxvbKdhVEfz12WKpzSYIDRpJKGnP02cFqfUvQ9QVfo1DMZHbZ8PksKG8Gi/XW5hhv8KhLrrcJRnSxKo/IBCi8U/yFiEJEWXsiQxXMeDxC4zpMM+p5H+8h8I/InzIPYMD8YtRkayGgwv4yvfB0r8JSkeQFMC8ZVyBLpeolm+WVmH1gyyKgRc//QQ2zPLbwSToWCCtAj9iz9DEOrKxV9DmDMKSwZ7jB/B5Un7ID7kLWhdKdJbDsMcv/oX0d1/LGT+ZLgVWpzC7w+xPOTiRQ5FGvOZQBsTBDlqG6uI56NEQqZSWNPOgW2VMIK1Ih+9iVs+CkzCvF0lX6yoXKvtJgHX+BvHUw2UFGMuwad/7ScXWNoyCseJFrTKBKdzCkYykn0UmgC0ajUD1Ua3OVruW/foBPI79WIvKzruN8YzV/mgC5e0Zn8zWYXiT2WVoQgyi35J1JtSaKIJtsN+C5Krith9Y16hM430iakUgAvfxLxM4UIWPqmvVfAo+SLUbT3IrlMytUe/PUjXATwl3enf+EwYiNNYGZutDiOVPYwkuEe2/AAUm4RIlH0eY6YAKH0Zzh4gd6vMxi8X2dYDXFPGcLFAC/yel34uUlg+0fjxd5Yca0tPhq2JQlTbs3Wc9TVn+afSIU44KTyzdUcYtDJWmt9FPxvfFrm8/VKC8r7yeeH0bcH9dt9yCWrpmnuQOzz+OhfD/ynSd4gOEvJPHaELjDkYmJMHKhm8e/xpLZQ6n8+pXxLM9aXWcvF2xovbr5X/EepaFV3xBI9UCwRSrE2W6QwClhA/5if9TJKF8LxihcNO/xUb9ES47hLCcPSKixStXkPZfA0n3OsIa5Ao8Usp91NPk8x8cLxA2LlFPYMkIPkCEQ/ki/S3EI8Chci78mPEmjZBKH3QBrUCEJx2hoBkS+VQIwwIlVkCwko1lk2JGguttSBlsQtm5MaBrgGtsEUYQccoSST0Acz3AK9t8DaImON7b0JYr7xMduEmG9OepF53P7SIN5k4HVRsbnvmpAjkdqakJPQD73+tp0A+FB577H4NhASWyHisUq8MNrhqjR1PctFTwNIIUIEUt/mZWgI8QBdgH2ptZ1Yy5uCNEac7cF/KR10m71PO7btrkryvi7rmxBPCq0gWGgHzuhENt6SAStSN7ETP2YsrPkBzTbUwU4MFuJ95blxtWuvL9RKvLdtt76+HtWguG1QE6p3SS1KBd/yUNyGaFc8S0W1rHZXBaO4DSobxe3aI6LuStr6aru+clLchocuDS8tpb7bjLG84TJT3O5QKvxq24CjH5IUYEflpzaeq3cpqpbJDsKpLcpScbsDxam4bVGiyl7J3ShUxe1uJOmvtmsoWsXt7ifwr7adFbDiNjTy0qOYlXrVp6QVt2sMpdy8yBU37xVvUvDKXk7v6n12aswpwJ1v9KxnQJV09w5sAvee2Q2HsUi2L/HEDqsZQJ+0VwtY8qOsR8C4lToBOO3hFQJwRTsoEaC6cdYIeEkv/RNWB8CFd9YFaNuBUBhAWiV3/873rdq72kB16KslAspKYkratDtcJ8BTaB+s1Om/eu9I/DYeuRCPfddCX0M8dojHvnNIGeKxq+AI8di6bROPTSxCCMqm9iUFZdty1I2EY+OAIRCb2z9IIDZuae9EOoKxSUoOAdkhILtv6BCQHQKy9WTubkB2VyT20ktC7wvFVtQyBGHrdj2M2V3w1aHNDl46bS146QQvneClE7x0uicbvHSCl07w0gleOvrV4KUTvHRu10vHuZZueHZBcaxqKDaedA7U8aCtSkTlMpXL5DWXurDTF+SnYuSjooJW6ckq0etmLKeOIjGVOVhlT9QEVJIbsfiYOVgeBE3i2yk7VJesi4Oo0ah0HQ6lFZKxXWdTm2xb917njQEJmqbZdin0sd+ABqs3RQx3ntLmduGuLyv0jKqVsOaoUodFj6JiB9HfRkqdYPYVvky7bzbbYec0MaFxlGtlTnZgM9r0AosezCas/oj1tUqXCOk/MmBDVJgXTRc77KYH8BbuCLPp0jvJXVMsx+Ri7pQ2AZk2Uhx2vNfLzS6Ssoy7kzX4btBJdLFexBnZqEh+kX5R7U1GUozfTFZxCoxVfKpUQWb7enaIIcTuBRGq+ztV6L0LhhmW3UnafNeLakXuSSuONJ7cK+kEWKtDAeoRkOj5o7h08OvYaamKsiFi4IKnFzn65KnKTnlBKFevE27si9H5OoaBVxhG7yyru2vAlgnQ+XTVmaLGF7SqH1VmuWS1Hhev5jsGAaSp2yveBuS8R1HJ7kZoCC8RVjp8ExUjVhBs5+h08IGASHUJTbrT1ZpHxCfxdIVnNC9QFHKZc3BHX6v1MKyf//T6jRK9demSiK+s3/8Qz7sRpH8HnFWUKvAXElkv1TVS/opvCiwGRdMZRT8xm7zxvFzhor5YocJCDTW2zxRVrMWjmE+koi9JIx5n7jnq9Se61wmLXcakqmsI4o4XID/p+7OkAr/RiTLogyi5Xmlx0vgsGYagcxJGa3e2nkf7ZZJEEzJ08TaZ6WH6OLIXn6ZzRCkyemKOKzgcdB2li2VeAPZ2uiL2bJaLXR63XOytr3VWg+qs5uRkObvZZpEuX87jLCGHkx7erBW/Gp3AN0Bi0WHaVFaGF6IlvkEbvBDHEBXVTVo84JiIYiGr2w5cyi84TTB1G8I5Kdu9y9iCWKXwqi6xrcbFG4LmRuSIDCLa3YHcoVC5S7nKKhNrG9L4SyhFpB45Q/IlMeszsYvb3dk17YE1eokB7YTKbsRH5TSVtSfuvM512kWtNeibE2fMOM1zGLTOZvX5KPs6v/kQqIqbMLpdK3vba6MIsnet5sPcflafSmLK0vYuI02XuaJ0gs+6V3SsTV5IW/Ilr3SOIQiYGoQo2SasfbziAq3dmvdhToUe2tbKBpjxORTkrEjIdLcg31SUdcwLjnQ+aXZWxNrFVXEawC5Qpss1XyhCC92U1CHy24TF6/qzP7DTuKbqTFY2uXtxmMwuJfGBMA+Xc3pVI2N9KSZcR6t39ZVVNd3546icp1zYubok5XOJNd+nrXlCtN64Ywe7aETrRGXw510iUP/Rr/aghB3ln7oiSw/jabzi+wE2ZYG3QJ5N07mIii0dExUcEVVXOnqdeFVPC+6RpCiQy+XxW41FPkahDWw/itAjr+KjB2ZqNIYeWAWM281Oq0hy8hI4zcP7R/e/Ofr++LsxcDGwn8mYGYlxmo0fAdkca85rsmAPLLJbiVjZtfOttEX27VWHLOi98SJ73My+r/KPICnwNW0f8HYyfl7EiwVcqlPyIyhgq9lpJSCJL5JUSYwPf9nyheIEKmxN9b32/XOSs3a6rJScf6I81O256Kv+EY0PdLQVYvNKMlqzpC3vtsxWQgNdIYGW98t333Qsqt3fZXkBGLTJEaUP7SrOtjzPD1GeVJ5BUxHw2y7EJ+je+zIhy+coesXp+0bRG7qgSbk1Ih4QTkKymg5Csk/Hp4Ca93sWKG9F50W+XpacfupCzHZCdHRZ1BlaIAnvZ1ReumU9KDprZ2VRBeiIqp+P/0hjfeqy8rt5RJeivLGuToHf0qLXdtDSbZcV5fY9S9HepbnG9mfUZdRqebOsb4nyT5sneYS6ds2fPWWRD9OvVx9YnfyFYkdL6xfxmCqpw475qXd+Wr7JH9Nt8Aqo7CqBQTLgYWDKwFifws+vOQfaT0v952PSQ78yhRtGnMCY/nqJeolOI++JZtvnV1gFXPnav5Irq1KHvIprqeXhrqQccq4jb9cp++1W/H4OxfWFnqgAY7d3v9OTqsMiggSJeE6lecbrABVcMWpZlTzdrZWxsUkLxii/vZI7pguYPv5J/kaSxgp7fEaaPRuqfk1mFGybmVIG2lK2sZlg87WbYPPyBOqxn2AbsnfabILM43WZVLBxhW3W+6N+HVX/slbXh4v4syo//+D+b7/73bbg82FZTBsCyRbepnaTTHQ0qcXm2J7pitrFnLTzNC4p328faH8gZTQqaKZApUF4bx0o1dfV/Co6vs/aY5pWQ+n79vP7STur9v2oNlesFb8mytabbZAufPToQlIoYdotJC/Ra/E5V+38nWkLDt17GB31Yk6f+7PbkIdtCLoUyookV0Zck6FMZJp1/FaDrIBurHnJPmAcW6qtgHU2BU8sG/rRJAY7Z2XFBPFMohpKEz5HdNLtMkbCppgXawFlGxkWsRmFsrkRYste009pGgZK8ZVzGimxWSTqGGRFNzLqNx2vLTHErAAU+q+3J+P/jMd/e78vfxyNv/9l9PD919Y/3x/84V+2JYpuOx62jW15ToD32Pmw9aU9HUd7OJyrDge8QnNxvyNz2RaUfZlqK4C8Lhtj9do8/s4L1/bfMkYBso3lr6/VTwd/2H83cT4/+PoQXrLw9P3bsUHSyfuvD/5gPTvYEmX7nOw8LYf8qrA5nc+Z4HY+7jQ+8uMOAyS2XoU+VlkjMSTqiODpc/Ab6tznmO4wp75+U0S3IaKmc6jI38x3agG8A7C2eOwjo/eLTzqK/lVv4FzVfFT/rhqlaELT9IuOg9FuUGFdKHJ34tgXnejkAxVXHUfPJkkAyTyiEQCOQqsSqiwf+i13kx+/yDMfpkvykw8Eeu2rLpD3FyHwBPgNAIKs/wPBUPmmCwjsViALdd0TO8c5HrmGb6/UdG4e1/pDYv3Z+3oYbB3q2yKW8tnQ4wB/k8Pn8OGMmHbpsFyx4gxlB+1Dwdpa/pEzGDgiMXYH37WoFwdicf2zZmTxejle5eMe8fP6aKcZvo7MSqF6G/jcw1twlkEfjbm8uYNbWbTT/0AXsuRqDDdx9cVruIn7IP3lX8G8QqdINxDLuGMXUP8p796NUSlcukMv3Wugj1/gbTss6qzxI6vhrVhRTFiJFiDrl/Wp9kJROyw6vejvv341Ho+/Mk4yD6shwpOPv6N8fp+Ov/qYZjDOI4pYVhbHxzplwFd2StdGNlIr7vY8ySaoKzhdp1gsnTpXQ386mhx/N0Hlp501UuHD57FMRrmjPIwsF52vJEg/0pPnYsvlRJK3Tur9fIVqbRyCmJeHUed73LOajWRyVP8e1yYRRQyoJ2oaj2ga9AQVI39ue/oslQK4y/m6iOfNRfBGXuTF6oWZyhhf4ydAONbzuGh8CE8pleRDK7WIgJs6GVccZMk16xFmHsr0EJWT/0ZqPrLFB0adSmJjCX5pW3QU/XeZZy9j1DYa05P6CnsEZFwoNRHv4YlWuDHCa0rCjz8dx/PlRcxaco5uV4gNa81OXj79+cHrys81ClabZ4t/NP6z/lbFzNDOhFoHqXKY3RcUTpi/qkSJykaZCH5l9NeWQxNTqZxV69TsNdKHQlvCASvgnyty/TvH7KSq71LZ3MTVilABHeDJbEIugLWe0QhSJJSnfZ1Z/bG9pj6PWsJQcb1T5GWaLxZrICRXHKGPHtN5UR7OMMXNYZmej+MCCPkqIfeXQwDymBaScdqrxew3msC1kNCGrpgO6IDtwSMrjsKc/pVNSXoXlO3t1ZPXb+wUxKnKmm6Zerv2B6EJ4EmUnUw5FifZbJmnmRiB5ymJRuvTRboqddQGbF2920c6mYOEStRfeOoIAbzmvSLT4Rg3wWu32nOFd8VkC0nv2NraibZjI1Sxw4qtuZ2ecXMEZ9M28Sd94dnWq5UEkxiQwoCeEjej3OH0jFo4DeIFWljUHg+5+I/rbNZVGrc6W3mVD8PLJ88BPTnFyKOT6JQfcTIRccnq4jslJkjleamuTNaBvoD0RzTFyVOMZQezphi106sOhrPHaCSR8Nt4CKpgeoKM8jVLFFH9szaO6Bcbl0zn9nHjDDNPPsdT9NAQW+qHdTH/gKLDB+n2A+dTOtWRu3jyO3p8etY6AXKWY59SQjtgy3X4jnhCXeVrdaFgNIcefFN1jTu7UjObUksRDZlCNzPvYTckLm8ZdyFC61zofXtC/MMOZ7VEzmkHki/2I/n0VQBW9NOrZ/w7OdOfRXJLGU8s5YSFRZAXqaTrcQT7AAeEnVJOglgPie5KqfEJpuMPHAeMdpZ+VmfkIs8/jrWnCX66HdiAV94J2KAftb/0t5TaUOcYPbTulZSnV/EBvkcam51Z95tvHrhefYmj2/4rRD55Uqqo9vH4u2+/ffDtiBUPZfopcdTC3pV867a3O9LBjM2J2URNDcRvG5INn0fnACFxRs1NDH/bJiJIIwpzjIsZHRwEX0fX+x+Iq06Ac0LEeIh7dIgo/aFzO3ZP39+onGmJ/miP+Lk95ycfcMYfFKIhF0nXGQf9KKxXF0RaqTvz73i0O7rG18wqJKCHc6F1TudEUxBFsUY7olQ7pVJds+dU4BKeRFH4lAmCVH1xCZ/HaxiZkrXv4YOHy7gsL/Ni9v/bE//jrtlzfvZJ9EMRny/Ig3R/7zeTyWTvgOBDxUXsMl77e3+Qp84SJSrve5J2+1c7Sa/jwOqT/lqqVmwSRNPoBPMNUFIO7TEIfLOyQuFecdY7JR2z02xLx+hXa/kcmouc2bR4pTpYcJJSuQJ4Em2Asuk6yXHk0fwM1Vpq7iPhlVWXOO3OKi9uJoq6ePIZD4VW7TRbrY5d9ZNqLTvSv+kFKgq/aJNgVeMcNOY9jmF58bhLle0fQuFM9NM9UxHZ1ROu0aIcallLMeL6WkxViDFCb2Z5uXPQIplLdGVC1YhMIZhtIjCgJ2/XQKoJpoIocP34g/YV10vmqlfuLOVN3UHlqZfXvEBtZ77yahcsD3nap3slwx7x9SJdqiuJMNa9Adx+JoZJdc8Y+jQb4d2L/3nyOaViC7Cdj/OkhF/pl63hw1PbFXTEH5o5eXLuswoTCRSUbKchCW8/zfDi4aW6McJ2usbuFfeQ5dmY/Z3b+hfowT9s4G04lAxDPtf8hNWe8xjzkkqeE9LHoTo+nTpHoSJtnF7atZce2bE9s/H65bbs8pmMMUd214r6fVvhnHQ+U/vVxaP1uZwO9yjtWRLdQs8cJcKG5O/o3R2/Y2bNia8QyeXxd7wpCFt/BWRKixItlGh5AUbTfiY8sdVN50BLHAB3FD7FG4uC2yIg33R/UU3Z6i09kpqoSO91UPwe/Gtv5AgetI/p3tNsj++7xuHTlyMlAtujZ3uTwRf7ZuZObBX0QV9kB/YA2UfWeotUOk506UcVNQGttjWFCQk7JCcB8vSs7UT+DnnTjvxD+LhcL1FUhPdfsTHyibHEtnzFMuNrNRHJ2yXVBGZJpnQV7qzWnVvSTmvGFaW1l1K+L1FqXS3PESRpNUZ+F4r5jbOmVmfSlji1NqOQQDUkUA0JVFtaSKAaEqiGBKp+OxASqIYEqv9MCVThxpzNWwMPKmilXqs4S6mTrfmw/1Bvaaa6ZaJU4cR8synXVh/Uqq/EviV8UxLvJrNv3U9SVlN21XSK/ny68DypsovkHFG3UJVZvAyNfcydpI57mQPKbU3rK51V/FnkScnpeeZzrRhvgk5zbwwpXqwIHd0H31a4Y/IrNBLhzQp0eWNC5/JL6PRKkHq+tnNCfY1bMDvk8fUfgA1e87Le7/AstBGsE7ZspyAepbldiHlbKb67fCYd6zKfKKiTDy9r4uVBTzolbAiXrbW7F47NaEycznGL+8rF9jPp1wwaqHW+4kCDfuUgV1rtqbLuzSBUeqtg70oVZFaOyEg2xTfSSVv8qMfxkRIEHbTDx3eiz3PCfTl3eE2M7UO9u6t3WDaAjtn5ZgEIoQ2bhTaky3g2Q1UwSE3pAj5YxovesIb2lzaKaXj68oTHf4Tj0wMT0lB92IhoqM2dt0+HLVSffqWjFl4oQzwyb1sELrywaO2SCsSSwjUn51q0o/HopHMSPLKiFhCiE/zsVXI2sTCfd4UKzr4wvzZodW0u5E6+m7ngtjTn8mfza99c+gI6cFOrG34XwzmqqNcRzVFFsRDMUWkhmCMEc3xpwRzVU++M5YATVX27CqVuKUUIbY9CQt7qcP4nGk84wHIUTUZR+RYOzgjAUq9+qDcYbNOf6O5v5Uv9GHCgYtRHVb5StFSfCw5Z1kvujFp+elbpkZhr5cDKKjD9Tz6hyhFEOZgiFqMKnebRNcoP5Ot3FUnJ2ou0mI1RmXLF6QpHlTko7nsDN8c2qtMKXkVsSGoRjWcn7DaZR7eGosn+1MTOHc7DVYXTYlHsn1vlhx05B3TZreWYepGePpN1jfhULNaV6p5rUfttRn+ESvSTIPNiBxVSXCVnZwcWQYhLy27rbJ3T5lTd08XmQkkSsh9Ge+3JFv0ok83Kyyo7pfRq8Yjk7AwzlsPVdqVxhLX8szXB6TSefryMixmXkAJ+TNTyaZeqXzlMs6uH8o2TBLWlZvHo6FMIn85tzFwHVeaIW2sucPeLHMggxr/FKdmWirw7TWnLTW9ODF72VLoC86cny1V5iG4in9Lk8hDzMMCpHuMEx+KAfEjS4eFv6D/DCcLOvHw28dgo14tFXKRl4vAfaZFk7RZ8NUwLvhq1Fnw1Nl1w8NW4JsAGX402GAdfjeCrEXw19KNd+mpsa8E5Q+zmn9wmnKDp/8fS9GPhsKDoD4r+oOgPin7d7oCiXwzeL1qVV7WUTfrNNk8eJe7biHSazPPsvD3upysep5VNCOaIYI4I5oi+eQRzRDBH6BbMEcEcEcwRwRwRzBHBHFFrwRxxTYAN5og2GAdzRDBHBHOEfnSXzBH/9AElyS0Gk9BvLXEk3SEkSWf4yFc7jxw5qSjG6uaZqtpMbCCV3/rsMk17lSUdp7dlpxo8hxuzTzXncdeCUPrMUsEiVWnBIhUsUl+sRcrbGDVQw+qnXlUjG/vNIGsS6VP7dbnqtQ5NLlvZCdsMCbyM25g+0fEiSQxq3KDGbWk3o8Y9Byy8jFvUExVckbe0oSpZ4Zr0z4Is6meLZWpZmZDi2zH2SmJo+4C2TNEywnTMNZh5W1sw83bM45/LzBtJpYi+88rlJFRFGf6X0JKeS7wtk0iXcbmNFI31VV77uc0SPZa57VTP0uH2uZGjZxDM/1kE8x35jAa5PMjlQS6//r0KcnmQy6Mglwe5nFqQy4NcXm9BLg9yeeXnIJffrlze7v9wYx4PQLxgDzOYCvk4pBlOeTyNx0jvsOw4MJnlVblKFof8N95lcIfhh9zDDfpMiB/ZLFnO8yuuiNjpNcHimBEXpV7Z1cPoL8mpzrV7yX8rVGkvH99So5znQxCRLsbyVu0lLmptw9F6gepLR4ciOao56Im/SpBt+NlyoGAs/HRs/akkdPES2Y2DyHMG9GMNaHpmHEUazxsOI82t4l24yIvVCzOhcbRgomQcShpffrVzx5LG9JUnXrnGqKwyej2N5zChn5aH8tfj/DI7fMWVdw8xx3kyOxSHvBYlEPuLLS/isqaDsn7p1f3AQZ2r4tL5GVUAXGF93YzYEe1SuYqL82TFqdqJoWnfu7YJYlG/dBpXNXWvqj82yWzPPNH3+GpH04OeXrXPEZ5sOkFvQM7qU4yYbbyIPyUV6RZrDaNuh1inzuWItqB1QT/xs02XtM5i5f+4E8hb/bVP1zzvnPIM9TJIb+xbr+Lv84AP/gZ6xQqz3DzM7crGJkViraPV1WNrzm8seZKrUhfJIsdYrjRT/rks7HxGJdQ8iUtbNRd0mEGHGXSYX5gOs0FKSJdpn7mGQrPxyRcY9Q5X4bMkO8cb4Ljx0CFvwnd0E3eWnejXcDwHKWWxXlh3WSlVJ5BsS5Q80NjL+ZXWxAghF5rV0inRaphXm0LBrjZxFO2rvhSNt2N49JUK1K/MMeikjNK2+htEcmG8g8Yzd6mKbhEWRYN12SbHV3XuHNaVlJEuQD6rXIPcS5fwfAoybhLXI+MAZc9RTn4MSwLWN9lid9/QtfuZdpgC8dKssr+xPV3YkEX8MdHjw3acEaXpALm1VawVPiO2nIvmWv0aAZV3Gf+dZqSHbukYRp9SXiDqLLK5BYo5skJfWM8cvazB68nnaQJcRhtiSqyaQrZyXZxRUW3Rrc3q8siEyszy5mqw4NdtCiim50Dw0wUdE6nUrYMg43bcqJyI746OWlQtm2OxkjA2QZ4XmiQooqtY2+qcj9uOOXFvdCfT9YjkMY9mIKSimJmWFwCq1WWSWCFtf0uKnLa4ohLdLTA+pVQRJ0Xlz9WzFG7pTU+VoZc5RrMxYF4nDJECQzwzlfHqMkLsR4vLzQIq6tulzSFZArs9BRhuAj0qC657IDJk8OrJZ155BaJc9lvLVe1WJO7QkrbUIac0EPQdGcVa5cs24D1dseqdypDbAowWNynCFXVpQ80S9crmHnrr+ieMMqgQQhycV2FqVyzvNhgOq2zeGYffmKozPrp7psLBqydEc3VVdhZaQMzBSuNcwh1FKlXbHV/uHBRkQ7miuXY8FUprFYJU86ncBj11P6xBBEcVxpHXjz9ojkEvOV7CCe8wQqrWxj5aT/tiULEpqHlP37Ghdn+WFMX7dK9k2CO+XqRLoocc8HvWswHcfo7n6Ux3zxj6NBvhnYz/IVrBXMHjPCnhV/pla/jw1HYFHQmiTSl+m6I3icm2BNVSMikkBpJoFs0wmpeX6saICytSF7tXBkPUsylDfbN/gR78wwbehkPJMHSX8RPWgsyJuxJGKFYmgIaRqtoWSXGeoGp+euHaSydBkvn6bLe7MpxpXQXeWs1uqvUXJoRz0vlM7VfHC04joc/CBi+JbqFnlv2o3mwrQB8N7d0dv2NmzYmvkEW8xCP2d7wpCFt/BWRKCzhmJ2TlAIHSfia8v9VN50BkLccdhU9FYkI3lznfXzBm/ZYeCe+C9F475+zBv/bI1N8xkH1M955me3zfNQ6fvhwpf8IePdubDL7YPYLOd2CH1ta/DfntimjGXSH4MccAMdxEaoBHFvZRM4soI7YJa8klMYVDOTfk5MkuhUq7bbxKXnFHov7DvTxLz7H6cbwARH3J9yjvbHrW0UdTWyaQeYNa89+rMXiy7Zvfz+ks4s+v10V3ahy0aV/92OIRpNrYKUk03+sh1/53r638MOKaMc8Qg8kpJ1DHPlujviE+zdm45L7+SRxuduq6r34mpbQMiLzAaZnP1ystSu4nnx9G3x5EXAY7KaZoPzhHLaPHVPSqqJfjo389cE2F7mmciegsjrBg9PP4s2VWQtpz5OrjpDZ96nGOlbuVs5a9CBC5inydzRjlXf32ahZUe8IZTh6qbFUsRiN7CV8+OPrXkViHLi1Z0uw3EPB29x5u6Bhl0uSYhFhF9diWq7hYAZUns7Vm6FdoHXR0XtUdkCQPs9RbOMtpXxJSY0XHsBRLB+Po1kjRP6K3XT630IJMpqeoRvgIYjF6mjUB4+hagwwBc7Yu0KtsFCVZqVRcuPKaTVSPXbDV3tE9fI3OaiuJtlBaMwEyXuoghqN/aA0YHueuckcBCRrnxZgpjGUVbYOlfRj+oWmfbbtuAP96CNoAZPYjaJsTo5kjoxMDsp1U0p3YSyQrxo7tiVlV1ehNzHCN2M9v2w+PD6Vz9M40UIhOhZAh40l2mdFWM9f05iwXJ3TYwJLdgpAeNcm8IU0uqa9CrttOiWWAWqEmlwiUSz3TRbvQN2HVBf4d064eobA7CZkfcVG+u5buNHrE2eHmV6JrhT/K9RIzcJGhVrj1ztCCvQqfutcFDzlLCFIPxnZTp32l2+2RU7THEf96KurFKoHVNs3Ncoe3G9Zbp9O5Xa8xhV9czGSx90rd64DYil06F6jhN5RGGv6zrS8NUEJg2/Hda81R1H7rDDpfE0xmpAtgBxVUKKAlCn4UU6blnIIsD+WjdJFeIKVAC9EpmXyBVnk+p7uGeiXOskhgWbA7ViY+jQHIJVwRlYYJO4b56zoprpgOQo8mTSxpeym7Nt0ai3yWnlGuWAmtcV14NTRrj+DB/JXj83U6A1QyQO3stVcfFkXnSYa6laTd60M1/722+5PNzpeSOJh91UeooxCbU8Ju6HCVwR6pT2Hb4UT9tZMVxUbuJj++ePZ/oqc/UD80HmuULuJSmBPYA3Hf7ow+wfZUvNS0QgonODJuLYAy6yJjq77l1aSoGWwyh6K579bMdLiMy5L9AlKx5HBn8bzM2edjcYqOgeoUMDjgDjkD+LmZs0SvWMWZxUyJSxz4ExoQ2AevAOm+jOShgZ5L343ILilh4fRm5Jao9nFO7jrKA4hnqpW92pNCq+xckiYvNs8s/Kj4RPZun4kXUmpChVozhj9pxcqRNUCXD4NqL358I2gA2/HN0fcgoKRAw4CXG0WpoEKSUmyRvHb/6Dh6JP5BwPB/e3TEu8lpaR1DsYMdRsdjOmQrT7LGA1rDlIiOMOFnyL0rxS37VgBnuFohGuuUtYS1LuLJdAwJ5FW0r04t8C7xGXtzJcplhn189ICv8IvxCb11ASBJigPnhp2QWW+mlHk6BKnXfK/aNV/JcHoWy3yVZNMr1zIavrk2+QEmPZvqxMDw8DwnTjiv+e3GFXfd7kV7XMlzhxkC2y1zAc/ZCiGGPrj0S8vwXBXASyYZeXEeo4suvacCRf7moh37FJbBtzIZkQ/01QvjX4nrgrIvlxwdQA5BnMhdO2a5hBrunUJrdnqjz122Fq/LvDvkD5v/VhGBUaZMITpIvBhfVcjLJHpqQiWZ4+HcHhQyKO7NQH/mKyAs521GB9XKfGECR9m1mP2EYnXXkkmDnIdtem58yeMlssoFyuzt8YOmxUAOAA9gz4G2TTTxgY+xMgNSpAyO/owj4E1yE0MUBB/JQCGZUJwKaRX35sKVXvdnuw1FLPh/IG5AnYpSorq/IKpmQtZ2hNjUWcWFmn8RBE9AYm07AJPoRAXwm146RXhsVbsoDrQnaRD2TBechMA8EK8YoIR5hihaC51wocWLnJUyQvFE22Q4MNIvAXmcsd+JWcXY8GU6YoN3/azT1I5tRaZcNZxih6VagAt/BbBx9PjF61+enfzxybNbOxsaCl/Uocgvgf69UmHZjlvc/2g8E885tZ2zZMlUUDkHSrgOxes/e6bfEx6QHO/QqOI0miQYLzRPVixemegAhTvnIJSjQnqKlzC6Jk40dy9vpng9YHAwTSy2rmyX5LLCywk9EzLkbVNRKNOcaWiJWMn5d6tP5tk5zYB22ubNF1006h17RLKCzrPg8AIRlMRBDNmitUg1GeneeXRuFBF7HYqGuH39WEFZ46uRZMgc0JFF51ucPUwYcCS6yteRXF1XpEe47LGaRRpHT9TbCm1qOSNIGDYEMFahNITy2WoUOekemf9UmDKTVFVhpBBBxuqcdsiFIT7Oldi6QvWarZoa7+VTFZjnmztHNU93MYDHPJ9+pB1+jMd76BR7UAcbkgGqPXLy4jHKjKRYxwG1gmMPYzPOyY6lJrEHwAdxB2SGgssw9Q5jujUnViiWCXED2WXMtyWrFdeAonMiHb39m9wv5A9IR7JvF1AlkHjl9akItkJLx0JLARyHvzEgGs8ERr2DIxd8Abw48d1V+kzVVeAQxHz/E6XUNAlpUIKneipslhk8UoP3L902GJ65quCY9iZn2qyngl7SeOUD2UtmJTJbuKF7aAFdpKV9MGjr3S6f2CiJzGUKzM839+9H+z9lEqNDKuEngA2rqwMrSJe1h36HrT0CqtrMXTHolOkjJCG5ChPp8tPhtOpG6gWCfWPtamXduXM61uRBOey0mb6E79ZCSpvNmwa7hX9uQ2E3JOGaabvPRuZIRmaaN6SA8d81oH56+vhOwAmWtiMw9TlqYxtbPInztdZMT/YLPTqbMe5Zr6rSqRvDNsQ/t955t9N4z+DNCG/VPC3WUvlPq7vsqO/TBGSuNC/U72JvvyVbNi51DPf+uLPSlw+3CxfFCp0kOpLU+UOu0llL7r04AraVCpqiLVpiu+FhvCzJUcp1koixoEtTKQLZuiU+N//v//3/lGbsJXlgJ1jJMy1bcvb5wwYbD9iadHAzGFU6bYWTgaJKhzXWBSmddWNN40Q1+ZwybFqqU1X+U/npW/yxNhy3xkXbjbXFVN3x0IRHod2fZnkV/VEtYPI4XsXEq+ZrF6ngKSfEMnKtXF9+x1ecGyLQ7U6kG3BNCpJTIp5h8/O4MEmio0kXoqOIo2WaTFVOXqXuYSOr/IikplAaR+FjvRaCzSSUoVjkmI3h0f9+/eOLwz/lSmiZUqw9JdNYkCZAJeASivuaih8Dk5yeJeVqIr3BXry9/74f9pyHUkpRjrQcq3KuWLhPANG9G+vLMleqs0tazgrN6rksZ51Q7cn+3YqiPcoLb6b/d7yBf92L9i9JibGH/9zjKWnRwM7xYabGboNFen6euD1YVaMsMXhtkCdsivmvrO4ysccYI359qgBpmGcVNh7DAguSfI7ua+0fQPJAXDDKK+iL0j1OUaWdsWUaVk1e4mSdukzm8zEbDWYRZ5b1GFNtKZvvMd+oM/dRC6z8D6uP7LTJOd1MfrpDEtQgKPpIUZtAcTNJ6qYzO9ttINB6bHSqbQY51qTeCfCRrehwl9BTDNRmvIAXDF/XmTWVvQ1oHLO9NZ0QmVlmfEXFmaOStWnXfN5xj8iteno1FlaMRA1diHnqilXmNmBTPHQEm2zERnqC66ECHqqCARDzlMA3lcGjqNvxW78xaDewP2OFwg0xQg4+M5zfdJ6vZ2N04lCySsQD9WRrIBY3S+cjWzA0XnYL5ELFHvUy4eAb4judBkBsthHwNWwtHt88QsHmdTItEspm656a57bOKl3uGvqm57YkciU9Ze6SzCxtmyQbcV374OrTC4Qep8KZdU+Da7vse06bPOXlc6ZRcWbjqy7VCQ/MYAbU/XGOIN+FcqfSoYKF/BjN+Fc7T1Et/gR23elKYpIdxZyxhnv7wR61tIMWxGdZNqiXyfcAGdD8ItaxEk6djz/YGp0qnY/4CtWUP1PK4+6j58nJEZ49M7LaMFpztK36y1drshuNiSel9NSUDCOSN6khuX3tyF3QjNySVuQWNCI3rQ3ZShPieQj7NSDDzt8mmo87ovXwhFi/tmMYxDbRctyOhmMAgDw0G8OhtJFG41a0Gd724gFajGHwum7txR3XXHhuQK/GYhjQN9BU3IqWYldy2GaaiSyfJY8LuHUlXm8nQQq1PnWVMErLEC/yNedWo2A8nbShnlS6RF9W5H9m2BVfu9hzX/ioRCII04T5PEbRIokzk9YGeR7oSEVrUf8Sq4qz1Ylr5phOmCOUnWELP7558jB60bJoHVjLrpcfcHumqzmPGI3HK371wzYClpJKnj7exdaZ3tSmqdgbcd8wh0rJpDpcVwJp+8WkSm3LWkZe9TUOhEniE2LfzJ4JQz3NgR6Vy5y1Hcrvvcd5pDayVScP536RnmP06xzJImVCXy8SjrCzCjpNVF4XylM3jUvCMCUvY2QWZUBxOV+Tm6nVJS5Twyx6hC6G4/UymufncGGIxG465uqeRVJamSlyAg17mBLH53QMMMlQVgbafAuZkNzzBIWWc6TulLi/jP6sSQuPNon+0rKQ9iwQ3CjmDdYE0xvnZ+NVkVjbTbnr9SpHtYBoe58sWFBggEvSRndWxffHZjAk2gqNVcJlk2vrJOMai+oJAxdmgVkT0oof9e9KlOY5Ats1D45gzkjuw+1LMWc9EggMobC2jeq6aKibncLkyAUeueKjhPWxC7Anpuvs+JxdgjAKbnvJwcuxgIjuzXOAZx/1GSR8VkCv0qE4VXPsXX0Wk9TUhvgKJ/qJhgcp/NTHufnTwU8txYGUy5p1EuQ1f4KDF9FKAlqsAHWVUKLppuS4eXoh4vaAHJvROp5betqONxqKuNb3NstH2lVzsmtWYx0WXftZZfap/NxVzYb8/gbVs+Eydzai5KeSRGX7kjaNomEbZVutpcNqqWy2zzXmiAqr7Fa1WjTNUiyRq8DbLosTKID+SUdN94DhTS3EWm2IEL/WUibOCX/3zaAJU53CvhKt+I6dYZ2YYE68JQ/Jba+rxpzd9nV1xVFklVccRVJfcRRxgUWMC4ukyGJL+j0HRalUDuyD/sD6hdeDNNsUStllgUNrl2CH00LSXFg8r6JbLTtyOwU9dP2C1Eq9E9vlDvQbp5Tihd/ixBg8ZdJyf8pTtFHBAUN9b0ewFoCOcySIB610o3gWO+BRupaZUBKrMSVYFpVv212pZXpMBAyTrc6/HJTa4jf0n7H+eMgBaikAuQvM9KtT6a6LogrWOFMnEsOHTGi5wp3RHHl7hH2Nyioe/Pjo6F+t62caL4E15DoDyRWlzeAcRG1oUs/FR9kBmLwRFqLYcgUMruneqkPTOkUyzONiaG4641Zncr/ND2OtUOndIUke1Vd3B4dhdb0pWJJ/UYW9rZ/syt7SF0kmBrR0Vl/LUa0WY20wirhOtTnqVVx6rZyv4g/rr7bW/hVWEsuOD66mLC4Q0pNdTZbsZg0OmIvAVr/qrYYsuZmZRSpTCmpXyWLaeNbmbHTeQfUd9gnrXiwr8zo5r9a01elnQw3pUEM61JC+YzWkWdIJNaSdq8MWakiHGtKhhnSoIR1qSIca0qGGtAJ5qCFdaV9cDWkatY3ihPLSobx0KC8dykuH8tLNFspLh/LSobz0gKFCeemOD0N56VBeOpSXjkJ56Xr7YspLs2fqyxxkDwfD438j2v1VlH5L/skuxtU0OsBe6xTc2kuau+SKH1iQUkpP9pRGTWfmOCXR3is4Y/liFO29SC5BvIdDt/fjfIZ/Obr5Cw6Z5SY4AcsqYi2hkagaOHbhsb1mo87EQptS3atzjAQETVf5Wp624wVejuMFXmXnCx53aKhA3jaFUIE8VCAPFchDBfJ/ANoXKpCHCuShAnmoQL5xBfKON4dVDO9mhcfVzzve+TFjPtwBk1COPJQjD+XIQzly3UIN23/uGrahlkaopRFqaXxJtTSsLK6hqkaoqhGqaoSqGqGqRv8aQlWNZgtVNSotVNVotFBV447lpsQWqmp82VU1QoWH9hYqPLQtNVR4CBUeQoUHvzmFCg+Vdhek9FDhIVR4MC1UeAgVHkKFh1DhIVR4CBUeOr4KFR5ChYfW3kKFh1DhIVR4CBUeQoWHUOEhVHgIFR5us8KDTt/Vt3zzot4QVTNB3EHNnrRGBDdn3ZkXopqSWScYU+PGqrCEyeepLRuozHVqo9kxjT3aOk05fdrmOWzimyIGGU0lX942384zRAvh2hMrqdpKj6JuR7zXJD0zZTWgG7WblLHaTnt265CgdQYkcE5O3WY09I08xyRolIYkJk4beRZK7Dzii3ZdVtKoYYfddBTewh1hIi29k0VhinIeHpSumSuUxjAR4uY73usl1SAqlnF3yLN/QqSL9QIwD08zH3DuF7WlxMFj/Bk7UUrBAwKR3r6eHRKOneICJEnLpgvmrHrbrpf9QCk/n8oYrPGE0mkhvurVITfdmSC12ql2WUXEwAVPL3LMvAGIRLwhDIYoV+VS7TyU0fk6hoFX6AlKGYs9AasyAm4F3BJ4tyJddSZY8AWv6kdxI0TVdOK4KYC3rLibv+KtmOaouirZukCetnaxBRK7rQDAztHp8JcrlaxEE/IUOVcckdhiEAbhnOYFCoJzh6YMd/W1Wg/D+/lPr98otphMBER3+EL//Q9YTWDzHWjhIzrgL2TSGGAYfUcqX/WbAnM103RGqjrPxvPqDsbzxwoVkGcosn2uyACExzGfiDFsAjLPoce5e46Kl4nudULjWDk1tLoRd7zIy1LfoSKenCi+ZkQlP06TKWbLtEKPDHvQOQkT33K2nkf7JcioE9I6SXJP08UBu2PEp+kcUYoSh6C7OhwOupLSxTIvAHs7tY49m+Xi3sdRZ9gEB3a38Wr9XHhbaqdQXStU1wrVtUJ1rVBdK1TXCtW1QnWtUF1rF9W1uk66DtYdUP6nBVg8p8eVnDfLIs1JKARKUJnmdZRhCvWsQj2rO1DP6kssIXfnCu817V0AqjKfpoS6ZNUbRKsUpvK/pMvKzH6u/NaAmCpIdgrrZH/+TeqRbVuCTHUaioaFomGhaFgoGhaKhjllqFoXan0Lr1pi6FwnxadcZcV0ETFVhkpZZNTBFGbTyKnXUG0Mx6H5hgpjocLYP1KFsdajUqu9qm2hppIsAQh+Oc/FVbNalZXz5XxeWRzTJHpJlVnR+9O+eC7Wp2RLsryc4ZopDy2fssO0LOEqPDw+/ua3R1wMCpFFJQ66IypuRyk0h4pw+5JebmLXZmj6WgWyWUKA5QW4wJOr0r/BkVb/MBkISWuZdLiVj7H3FNNCxnY+VXPFjsjNVo3S3YdF2xUOyp1ppYGtcvr/U3d7jYP8Lw0UGUT+tdNB5BDtm/WoYQ6iAp1ZRtHHJOGstcywaqYS+nz+uHXbyWHnMi3Z0bktahpp0EOFP7bVoFhnZElHY3vbesRdpwMrvo5O2nGBiLtc+0RjdbfSW9vZ+Tr6MWOnhWohOLsGRHOGl/RXUVK3in5lmDYs6xjnDdVlQX9wRvmETh35dmKZ6U/o9akESk4qjJNpP1TKs7zVfcALPJx5U5ZkWKNFnMXnxhLr9FaHcZxQY84MmLcVrxJAlt2zblW/USJrdihvFsM6CLUbN63d+EXd5Uff/Pb7673L8USuVydnMPImWGB/zxvIsMPyMsKLY3oCfsvOYJsUOOlWpjA+Wwn5NGHTxLBhnLUKsSZfRbvWAkYNigKnpU8Pd1crMfxT3tD/c/L8mWEXVR51PSfZ9lc/PHrw4MH3sgmt2G1SLK4k27uGGauJUXp6jkqD6PtRdP/o/oMROiN/H8WL6Kc3j1q6REq5hy+Oj+D/vn9z9P3DoyP4v//c68aObldNh/wbCpSGAqWdUw0FSusQCQVKQ4HSUKA0FChttlCgNBQobbRQoLTaaprqWy1QmnCcRmdYrR/OWt0oCb9Ufqu8NnLakZewyFJ2kcTz1YVx4unoGTHlAuVq62MdPaeVH/l0ui5s1fc8Bd74ajrXtjWAd5LNUE1jceKbFjldxJ+fZj/M0/MLRz6Nu1rIzZo8ytrkpIQyZo51tjJKInjGT61d1ZC+AKYOA91XxnMYha1WjYNqryzsoLPNnZQq8YNVxku8TRIuzqc89pU2B8lPOncm+Jtj/L8tbO2vyzVpsISXU1iipHWDTAdIWVDJFUtRMDqIEsfkXCCrSoHD4biIebSP2csQ4YSO2pA8GLVgPxG1eH4ZX7nYZXHxI+8LWQZpzriqmXUsMHNNpMZguuDo9rmFEUr+5zpxqOj4bNUlrdbd27j83H1Vfs4u4GbsdZz7wNRovE9lzlwMj2XPV3pR54ox3yorlUcV2pWWnBSGNx8LtJkI6lMs8MfSthqjLWRaNYpuU6kY0k/2WrFMFqlqXcXOrqdYWyhI3fVWKEgdClJ/cXe57WkRClJXIRMKUoeC1KEgdShIHQpSh4LUoSB1KEgdbVGQOjqRbbE47op0QlecqhjtMlHOQg3rUMM61LAONaxDDWu7hRrW3QsONaxDDetGZ6GGtbOFGtbuyYca1qGGdahhHWpYhxrWoYa13UIN60oLNawbLdSwvmPVt7CFGtahhnVfz6GGdahh3bHYUMM61LCutlDDOtSwDjWsQw3rZgs1rHULNaxDDetQwzrUsLZbqGF9TTWs0Y9JUh3vsox1tVsd0IHRcCizaYbDTiUYr9C3aWWFbuickNrjTiRgx/Bw7WMwq04Do2RmOlfVOrCUZ+fEZI0GlDniqaDvypV+iRiOM0zalLhKZdU80I9UcsathKhQaPwLLzSOK/kZ6ybAoVgBLu54H1u63nI7L+N0JUVxyHX1E43gImSc0GpGczApQz12WbrWGy09bLjToep7qPpezXwXqr6Hqu+h6nv7KxhegfAq/4Q+bLsgh9UetcqntFxb7UrTlOUPVjiTEN0Er4rYzurGtWLMN87Yc2sHbUfVZHI+wY2ya0jL1Rct57EhyawUQ4dmSaJSJosYNnQquO8YujZNnbFULWOFzs4y6IiRgw4EEIl4tjDTUScO4QVQeFWBp0uBK+PB2rgcwst89h+cpWBEZTkwQNX60dqFUZSspk64qgMu6k1O06rcvi2X3BGDmi+aMhVighremLkLzOsalfnZ6hK6OLyIixn+UUtWUf67i88gOJJ2nvGGU6GYOrCUTBZoBhAKzGgjru0Y4WM2h8jDbMY006rFndfg7c5MQSxl9Xq0MqiT0hF3BSezJpTmsiv3LdD3s6xPM740awfLOkMUQWWye2gEGGFlddmZ55QTobAwAd3nz9LPkh8Po5MQcj4nOzqvzkACtbBiqwpfotwlUj97xCfbQMHa6Xtl49x4T4PhoBMnqwRieN+p1E2AAMWVNbW9R5VDb7DkYbQX/ZuacO8VcZHMl0y6FnhcEykZzrVs7eK+ZXS6Pj3VgWZ5ben5Jeq6ddDFoXpDyJQjZLE3n1lbwY4KapuMUCQlSFiWixnROSWqB0bR2JgtcDaOuADp6/Cqx3rjqL7cumoP14pK55ZVBG0xWPb8E2WeiKnstVn0vlAbjKEjcQZz+uazAz6CxJgTmmOfaVbbc9PNvCf/ILentdLWyAEllC6a8leNABVM9lKVwroErshZ69o0Tq/zRyDv9dtRjUcUTP8LqCYfsgfFjKwgVzb9r9y6cVmnGX3TWcSflZ3+wfF3fS/7GPW5LVGrVABO/Nf+23j8t6Px9+/3347lr6/VTwd/2H83cT4/+PoQXtp/ezL+T/nt7Vj//cvk/dcHf7CeHfxLn9XMVzHtzguIbVzFZdf96aNJxDxWRGKilmzQ1Z7cqRCbWQNRL4mRRa6od7+1dGUkhBE6vvnUp9r3JyCfWkqNqUibZtE3f/ka6clK6KoKapibzDfN6IptdCFuzBqb0TqeNwt61t9oeGq0vrdZWsH22XfPahw16qfyzyqatvJzV20sro5aebWnOhbfFjai6Lru2xfIupbizC3FKPe5NhQpHVREeq0sVVvGrhuqmW4uqL4qYdY9KhuiEuFJvKDZk9YsU81Zd/Ji1cq4+t5X45LrAA5q6g9WrmCnu5LOR0cxaR28Vh+PNYdNfFMA/5IqM822ObufIVqIirnCJ+pRlDII1TiKj8LMqCRfdpMy9uvQob86zQRlgptT1K8ZjVP7zySVcbxSVVOIJRqxXmldVio5YYfddJSlKqVY4N7J5WyKhsCuWmjY+jPnyxB9pFpkk+2Tql+sF4B5LLHMtZCmai1QThOOspO68wQivX09OyQKagocl0TPmy6YC3ttu14OFKQSYUpBovGEUvIjvurVIbveWdCx2qmOaUTEwAVPL3LUPAAikaYEBkOUW3VpB+LofB3DwCsMFazURL1uwJZYWwhrWW8JWtWP4kRKrhUk1VWmANqyEov8irdhmqNfQ8mSLoVh2vXuWbNjEsp0jk4Hv1ypZMeaiKeopNUqnukKz2heoCrNZbXFHX2t1sOwfv7T6zdKA0yqHKI5fJn//gcs6L75DrTwEB3wtxVbFuqOiH7Cr28KrCtL0xlFP7mFvt55dSd38ccKpUkw1Ng+U+QdiEcxn4gqkQrZeJy552gGnBgtMI1jZYzRvii440Velvr+FE38ieJpRtHpGnMxTbFYn5WXwrAGnZMw0u3Zeh7tY1meCVm7pbag6eKAffWVUoi8GTCWGQ4H1x1boE4q7nZJ6dksF+c+brnYW1/rDL3nfGJt7Fw/o94mDyp+90+Uwrc9IXa1kDfA7ly/bPhlMcW0lqJ08pPffTOIn6Qy5D1zpHfsOhY2HeKHxNN1lfa2274unj6KrOrpo0jKp48irp8+wgMkx7xFPehAGmLfPWWEujjArH93Xfrr4em3KRJZXwGWt+Bs3HblW+dS2nYJdjgtJImLZYFXYmXLjmy+/G3KJukqMeKRQOr42C4qo99AWihKSkn7wlMmrvxTnmKMCRwwZHdwwJbBAHRcUlvyMkg3SimpOscpSNcyE8rrM6a0xuKy3UYMtU+e8KPV+ZeDErf8hv4z1h8POUBWnsNditp2+sTNTpipfefMRkeCEFUUXbFzm/gHnLWWDKlRWeURcHx09K+WdmAaL2Ng9q4klROyp0mK7G8bmtTTk5HViMkbYSGyy1dYyEx3b/GFrVOkwDpcDM2NMyyipUnlO2v56O4V6jud56eHGIjFOIsye14CP3d4/+j+N0ffH383FiuTZMoZp9n4EQgMY83fTBaza63wx7kIZ7vE+t3QY84TE3PCZa191bnxKMZkh3AQ623P+pWN97zI18tSLKuJTgJkJ+ZjWwrt3IziYlrWCAjXYCDulUou0Ebfn4//SKN26pvduiAP0tZYaOMbHcvZokdUl3m3moT3u6lvi06031xNgladd/RJ8poxvJ0YqmVEEzbitfPgbkTB1pec16WVbICzU6ayVJY1ZtNSH5YdvOY9S7/pCgn+M3KUtsIOw3S4GpCRm5R7xitOyqr++dPyTf4Y+tasa5OLNQVmRpzwnv56yeXSW6fkX0LQaFa1SVtpsBCtUFCOiX3p8+GpAIpfBgRB/c4rIbXb1AD0V7Y2VthjyW72bAoIXpM6FttmKtmBOtltdK/YfPWv2LzMsT16WGxD9k6rX9F74rpUs9jesLfvlSTbJhWirNX1oW2Rv//b7363Lfh8NAGmDaos2ei5Ti4nOvOopVqwXeEFVy9jTp19GpeUsb4PtD+QUgt1kVOO2GodKNWUeH4VHd9nLRRNq6E8evv5/aRlOdDD96PaXDFDwpooW0+a7UjVfWdSKJ5GLSQv0WvxOVftqhXTgMPDJPIPo6NezOlLcu82CGAbgi6F0kbLlUG+zucgisKy0ItcfPgxGbw5fqtB1gQ31rws8tl6Kv7y2ppQv4HxxLLBEFXrXJJYaT1BSpFgitIwUEQn3ZU58UNlpqAAjJoWdaiBAtsb1Y91I8SW3ref0jQMHZIx32nswGaRqGMQmdzI6OMxZLyFxJnnveXx88vo4fuvrX++P/iDy83Hiyi67QHYNrYJOAHeYy/A5i4xhJriPRzOVQcJXqG5uN+RuWwLSpcJA1s1i/o12SoGOLLdQc80r7CBvkq1XhYIflXYnM7nTHA7HzvyBzsMGdh6PeF6veCG18x1e785pjvM2a1H24+tchIq7zfleDYAKBm+Q2VIABkow3PHVUm9o+u6n/g1y+5rEWoHALH+SROO6+V4lY+ppkWPQsSlAe6EpuneTyWiBPebgmrngWt90PiRGWKrdgkmrUJZzPplfarVomrHKPzKbB+ZAF6LBYASHmkOvOEeiGyZ2k31KioVG5vHHdRf5V5rL8tlH/3916/G4/FXVjIoVChT6BGVg1bZGz4df0VpYaJHlMVKqSIecyw6mmTsQh2NAhXAYSLVoegP7C7NEJ7jaTxGuf8hqvDTcXlVAp075L/RDS47H+OH3IO2sI5BnJkgGTpdp1gLlqanJv/paHL83QT5KrvIgWi6J0C+eDnKbfWhHdf2lSRyUXhNodfFep6AVFTr4CuVI59yVFjuvLpodPSX5PQizz/Sr5f8t9p+NlQ9oqTiBiXE888+4jwdAoh0MZa3ai9xbhUbjNYLS0KEQ56qwmwz8VcJhlXK9mt8HUefjq0/UZuM/yZ98sMGQAV0CtxSgUH9e1yDsqQY0iQa4fxqLSpUvFX+3Pr4WSpFIJfzdRHPW/aJtwDwZj2Pi+bzr/AY5niedeoYVHZ/spY+rhS/oCjIRxgZnumlVIgtzU3XNBB4/TcwCvY5pfEntZd4a/9Y/bHB9LQOlxezxD2W/QYP9KP1S98ob6SCHcv7AM6ppPpLTda31q2rTEdrH9Sn2C2QncWyMrETzXPxtPS9wY8N5kVU33KhCwHBPmYgEP784HXl5w4/aDVPdRvyR/XwSPNaRdRsV6x2JdBzy/845RanfcFBdMbmmSnFr9YeGf/crmRfHG9XWjno8LxDD9P8PKOK0ty3TrlGJSNWHOuLLrwkOlMoXq1nFISLhAL4MdBZ98cye30e15wHSF+tLZd3Q15o5jJzbw/lKiM1qDgQsDpB74LSv7x68vqNXahI5wi11H1d+4PQBPCo3KI6Kj3JZss8zUQRSHcEshKLdMWB9Em5aksw+ohuW/IIYxNp/YWnDnfSW8qz1rFb7cW+umIgGmVqqvoJeFw5YvRDxT6lTrtvlAMR1x7DK+dr0SVWSs6dNaN0Qy/zGSu4JI3MUPuoukK2sePp+juVkKHKNdalUnjEfofsWxHtEfiwCPXrj+lyj3zC9v4Sp8DXoJYC8HCvqyP5VKIWte6bwFPNRdagyzEVrzYBt52Q5Pb0zCzYlKJU45P1Ei9G1LDwqPUtUs6WekO7clBqGzh3SArECVff1kmJqHPCQMkkJWtWiyHmiqUt+wavt5iS48jrkl5KbGV1uET7p0hr8AomqxZ1ezCpRHg4kkFg/h2g+Kt0Th4EZv4yNJYQMv4Th9o/RZM0WudpcpYXUma4W5ujAUheLTRAJ/4Qxu0CfUroCCEuNS+Ze+oatYrc9eGXQ4fP0NObDhQw9KtOxCI9ecJbIezKQtyBpmoyFH8LAyZAyAsMP6dZ0Ywk9YhAF97R5yGeX8ZXUlSZ2MPfdxR3dZWopLV1PMNd6nhUAaVDhu/U/xEib0MH+ZhWwuHclKALLeQEA3glAQv3Y9MQPqLmRSw0Ku919cqdIPEhr3+JAEhd5MxBA2VpbOsusbTskT4C3c4PVBw51ZYecmPQa6MjPr5//M1vv/ndg++++R1ORP/rt9E+5cUo009JR/6AbbU43crfcV0eq3fZqmtVzl+b+JWZoucKnRQZeG58DdvogWWlIsrQ7i341PKftPewVXBRJAb9J2CD9QTEZVALvm27Yg+kTZKL9XyVYrYV7a86EgtkSfkFERl+fNWOQ39RSaUlE4YuGqD8fu2O0ACpfqfcRnxHvda/oRvQi8ftI+l1mpRJc7ZTEqIiKOTOa4ICbrg5JgegG/Qybc37AZMEUkQd6ouqNsHWvdMlsfmtspbwx96eyhw7ddv11SI5IV/kvbzci37/+2hvnmbrz3tkRFK9mddcve6VWFicO1mSXRhxfq89+8zY4RoujVzTn3xGcaiiWmrp62Ny1VQqHaosrwSr7pmr+nkPAdopyEjbTPdZT2nUKC8fRgTh9ldqOLEz2NDW+IDgqcN4yYTcsbhxZPa98ZZfhHGdIOl65nKKO0lk+x3gSzabnwJXalWvbTW19znMeW6mr8NHnaCRmqEWCMEwKYVY6HMuEUcS8+HIEs+xIerge4VzckF6cublKtm1KankY+W/c0r9VSQKDheRIn8JYksba0EBwiJ1juRWT88qMSTxvMz1zZdVYl4478/lRa7vqe7wOT0RnSPHhKFQFRfxt9fUU18lFGNSo/mec9eXtgWRyv3cOnRn7xtMycc71JsqRTWsr38ouC2JGKsI5bqCFFu3MIE89i9uHkC13rRUQ1M0ndSPhDUnURYahiZeGd6JCe6I695IjrNME2t6uWfoIiElLSE71s4xhbB3VckVr5eeV2rwoho+dhgX/qDlYK9t5mZ41Z1Wk9SX4bBleRVB03tneXXS7t4rea8Q+y/SJefvoqjtM68N48YClykIjPj+NBthfiz8D/M3hASP86SEX+mXnUKvl0mQNhx2IkemFKJP7ipWmXeBkco0puEMbz9Fk5eAwGOYijMhDkKZik8TCvdhP762UQS28A8btFsNKIPRXctP2KDDKQJF5xQrm7GzhJxqi6Q4T9CiO73o33UPQigr8EcPv4RbqnX5C/WWzPPLNybscc8bapedr3kWAfRb/IbL9pNAKhZqPyrvub+DQgbMXPkKxPptcJz/jjcdnYZfAU3TAvMyK/HffqZLyulueoZbkoITcAI6kGBQjCCY8y1MMaZVHgQzfmIuFLyddHzlHvxrb+QMwMFmE4a9p2jlUCk+KgddX/SkpNujZ3ubsi0eGOjxyvDqG32CsX8mlk3lGh3NfpfkFZs7d8sobXLdFyaqtCyhV2JpzqnDEoCtKvG1vxMklK7JBwklSChBQlEtSChBQvF4OUgoQUIJEsqXL6E4u3QGRy3STB42rT+uYzLocKCXzSZOA+Sd07CGsRPTds4C1PNQRwEaWKzQ2jLeyhGoEa7FQwCm4ecdoKMe/PwDKn52Td8As+JNnQEa8/FzB7CcgtiKD9siZvz8HMW7veam9DgHdHcJLPcCA67X5Z6ibnuLPEthtjiSq1PLb6TttWvwBoBZd09oZ/ZugfI2a+q9DmElDyMD+/YXG/iz5aDVRHQ6GEMCnPSmNzrYzMoPONdt4dc0rXW2t2bd94a4L9PRJEn9mjCCzUDrvps8c7t5fZl2Dq5dIC610zVY91+y02tTNWUTUFtN1kK4PWfcpSFTV2n7gP7oE/RkQU8W9GRBT1ZpQU8W9GSuFQQ9WdCTBT2Zaf88erJbseRb8sudteLjHN1ySLvk9kUIJK1Td0omg+32/fJmkEi6Jh8kkiCRBIlEtSCRBInE4+UgkQSJJEgkX75Ecqct9111m2eNjBaty2h+Ptbpi6yfMOnQV50dDc0lGdI1OtI1XiTxfHUxvUimH0PCxmtN2PgfBOlHCGl62EjZaL3QlbTR3i3eiIu8WL0wc4LjdDE1f3XkdrS6+Wrn2R2fx5+xbEClThoPaNUhjFGPoZPY1PMxApX7SX3zlY0jz5sP+vIyvmiWUzO1HMSk3zoRzgCrMvfXAu55Ok/aHzZzsNTm9EhKN+jamHX4dE5Hpv4fLbB51PaoOZWZVUVN00uVNjKeLy/iB4w0G+SNrHAoTazuSCPZgtucSdLqrFH7jfK/K9ckq8Kb5NHXKbFABMTqbpasF/JShryUIS/lF5aX8rUUWdHnRmVRZ6oREdmIlvk8nVb52261m1zWeO31eKJab+q88Pi30BmVFtDGGw40ay192aJacxY3cYiK9j3ZXEOcXf141pbpy50jbOwWTvtF0pMMxLt1QZkVC1U9TuodoVQmdz/l+FzBFQxEa8++2PfMTe32ANpTms09kufw3EgXTRBXZBxY+jgvxrxC6xo0DSuDv8bUi+slZmDO16tNvJVN9hbk4VEjm0lFAJUnGj1OsQhUTCPqC80qDCDlW1t6P6Oy0pzq0FyEBO42udZZYFrv0hupwLnJclu6YepbJEAfE8yITUpYGylUxc+W7kR+IfNOjPVdzooYpr8m+qSetnsMV8vDqoyPgHv5kvnYEddTOAO4YSJIy9fb5leMPNYyBpeqxeVlyaU695r860qmeu28U4AC5PF3VoGCUBJF1FZ5y3ixNR1W7s/TTwnVEENcwT6sBKWDq4h28D+tu48JUIXHUVOXZXZovnvUXbRTxOj2j92pBXt6xpMoJLw3jkDGnyYVJovqoyXxTH7Eu61I5NmIj6ZTJ2eYMdQywRCfyDzwv1//+OLwT7lgHFY3LLnMK2mbRnDvTy/Q+illbl9TNc9FnKVnwAVMpDeA59v777v0UVioTkoZUZ06UpYrHkWdrpQDEyLdI9EXmugyn8kCL2kJq/gjdCBLAJ5onn7sLL60R0KZmebf8fb7dS/ahzME4NvDf+7xNDQ3al+QZjpskyrS8/OkOykwcU/IdxxQGSe0Y1tdZHILS9k1OFb16QEUYW5VGHQMBaxM8jm6z7pP6BSgdCDmAa5qTuQDlZaSUlQV0y5zLHKZzOdj5vuBBJPxpGMctUVsXljCveLk/QUO7kPTZIZV8zsvxBx7nd5bYyw9IZG1snD+kHhh4eoGkGipXg/rwwqn5SGIpQXqnQ4v8+Ij6voQGce86+UhKZMOf0P/2XThrBPbcvWc0fPWQEBuEoebQEAJbf53VycclIhR77OWnrpCbRfxjMkx8Nq3dHYQzqT5mV6NVepP4DHGxELCZZdN2+1iPYBdp1sRl5+ePr7NEwWz3+BAOS0vQ8w43S5lFeg9q/qwAJ6RxcyIP2wuExFXePyWZSWfk2Kali0Xqpvn83Mu2titqOo61LH7Qy1z/rXFHebSW3EfGu445OMy1OMstIGbkHICcvTarsWwnnqVk/ZwChpURPq6HIF27wLkBZ9+t58h0Ll2V58bdPK5GfceT8ceD5ceT2ePa/Rk6S/62u200+uu0+sDMbzUas+Set1yhjjk9O6O3zG7MfebG3O8uVmXGycW7Ywz06boR6ps6kZpKFq6scvRK35oZdf4lqo3s4SL/7RBXVV2F21wrUKsGnPCXJPVMZd/X5ySIgLVPS19z3MgePE8+vEVCCyTZCJSS8s0Ua5RCTDUPMzgja79Yt87zs1PDUBWr28qhWRK3JLVVzNOnK8hjlasoW8dwKiJKPpAKd4Bhn9R8QkoM8ysQS5iTCyeZOpInqcgb7V3ztXc0ZCN6tgkLpmVkglpE6x7O9tV306q5a467zQncesleqsuq4fv945i7tvPz3WfOcqKjx2o0lm/2+2Pt4HLXZcPnWVmrD1p9eAft1GhyhtdptYW5Kl68KBJrkim7COjnVQE24FgtJhKlNKk0qvD+OpLfi26pDwsxAdGeZKxor1WYtWa2qYUy1AkNTDpa3FU471RqQnXCgPV+DYlnoRnvMm5nwOFeVPEQERUbdhtReFnRLOwdm3lFohWehSV8Qc9awQFiOGgXD89UWsmK8mlorbrDOjf/Ao5cTPa9CLOzoEzYAkhXqlwrI9ZfplJKNm6VO4aNF3ssHNwfAt3hJkd6Z3YsilqkeLTevlK01SJLXS+GONIm1LABTBf6JW6ta7iYr2I8VqMZzhv1S/aLsgfAivwJcB5AN8Zn+KtQyDS2+cVV4hOLFp+2nTBWC6xSwXrv17mG7En7SCm8QQk+Tnhq14dFWzqcoepdloq/S4iBi54epEjU6yYLhgMUW5VMx3rCzuOztcxDLxK4B+tFtYOwIo/z3bALbHuYbrqVPb4R6lyP8p+TlQt+Yxl7tMVXEExSAy2n80r3oppjorukm1765KLbVkelWifX4jvwbxbfKXDT8GrvLGKkqerNY9IGrXpCs9pXsxQSuoEGe/qa7Uehvfzn16/UXX/SB4huvOayNbvf4jn3UjSvwNOnqtaRVfflBX0HSnvxDcFsoU0nRGwwETlNp6Xi9PyxQriq2FihiLb5yriyNuzPJ+ICXoC0sahx7l7jhLGRPc6oXG09Ch+LmikwB0v8rLUd2hJFuno5BMQNiR7o+h0jcdoGgP2wbenKRCB4sriDzonIcVo4buz9TzaL5MkmiBDrn1qdRcHLPTEp+kcUQquuVmCNWzhcNCVlC6WeQHY26ncuza2dQPWtFvrUnUi7mHAVvkKOBbjzN1w5Z7m60yCsIl2yoOW6dq+eo3H7tKWwGejU/nD6Khjne3ebHXv7YFr7VujrKhlqTe4RsWf/ynJhMPsWWXzA2MVIBfic/NAvduyRMm/ZpySmofCWu933wxalOUcVZ6wv+CWHmmqG+3BqXe5xVdRByh07Lj4m3KN5lYFpXFn5BiNaJoW03VK7Jry1pNMfTeDJqu4OE9WvSeA38I5X5aVO1rptPSZsBzWes46gvxS8if4C2MeptomcWuliJ0RZGd4A/MvKoTM+smOIZO+hAfAiLLBcTEiKUpP9ZCXpvAvUR2Vr/qCXVAiNM6lIDCBeEx+isLNdYQiVaajs16qD7FTWPhiWZnYia6syZOaKSfOEA70jxUOxIQ7hAP1rA9bCAcK4UAhHCiEA4VwIKuFcCDV7lQ4EOdBM8UOUvFuw32Byytez1c83PERIuR61VnX4Cpfw4jlBelL0pKU1Ez8gH8E2jEibZz2G9DaRnanPwqRSiFSqQHOEKkUIpVCpJLVQqRSiFQKkUohUglbiFSyW4hUqrUQqRQilUKkkmohUilEKtXWFCKVOucbIpVCpFKIVAqRSiFSqd5CpFKIVNqg/y86UskiH68whGITAjTA/Fd1y2uz+lVsfKVt4msZOS2VUpmEe1wA9rv3U2VNeAHEH2EY9ChJZqQvQcm94lzUhvlPzifR3tsH42/f78GWECe3SGJFPO2lan8/Wap2TG9Div34AOdbJEQr9WF90OY2tQ8E5qCtj9NaH2RV/bali6YcHq/QYeRh9F/v3r49Gn///t/G/J937/+lA29acD+EuIUQtxDiFkLcQohb+6xCiFtLCyFubXAOIW4hxC2EuIUQtxDiFkLcQohbCHH7Zw9xu4sBXHcsxu0248nuYECiimZTxd02C2bbJn7NOr8VqSrEnoXYsxB7FmLPQuzZP3LsWcvrjfhlrY0z8dikKIJfznMJE6lGNuuQZnNdTKKXFN0cofxvnbqL9SlpMyznAzhj5aFVrvQwLUugA4fHR7+9f5+usgUeYNG63pH4uWYvvIF076gYs4XwYqRBx4V0shh2W+VaDwokWj6xuDhEEHgDWKByiboU2JEXbCnP7sEsyjKfUpxdW9cXRb4+R+v/ByQdk5cSDvb08Qfe9o64MJtvSlY68KMSKxZLSCAZ/znKCyWYduWLEId7ZT1ADfXuV7ZhRPFX0T65XsxYxRgrRVWbyXGMxiSUkgEH4yyhQaC3eE73+bZ9y4Zc19RN9+qiMEyq7rH9HFOgZBniJEOcZIiTtFqIkwxxkqaFOEmBQ4iT9INEiJMMcZIhTjLESYY4yfqTECfZ2kKcZIiTDHGSIU7SOUqIk1TPQpxkiJMMcZI93YQ4yeFgDHGSIU5yo/7vTJxkiIX8p42FbPn6izfU36l4zhCtGaI1Q7RmiNbsaCFa82aiNUOkJrUQqRkiNUOkZofE1bzYBwtmIaAzBHSGgE7XqkJAZwjoxMaxafd71ilvRedFvl7SbtN6iNcQTYvepRl62ZJyYEa60jaVUNYim94rFb9Amljs/+fjP9Kw4h461A3VJVg3ltjJFVhSt6VNZpdJLQCXLAG3rkpzd12SLrY/I+9TU04zb/DKnDM5k6PoJd7+Wzs1GKlemxuU9ITiBjJpMUoKyvzQzVnYK9RhfihbvBI2ZhuvBH9Bv7HCHjt2s2dD2q9JFYBtM3XAQH3ANnI/Nl/ZH5uXTbpHB4BtyN5p0R8tMdelFsDGKmWWXVFGRPFV1ur6EO40ZZd4cP+33/1uW/D58C2mDfJ1aTI4NUJn4qAtXkf7+hhcvYxLkjhPQRiaRetlH2h/IIEK5eApez62DpTaYfbH91kComk1BJe3n99P2vm170e1uaYU7IDEatYeMWIa3UcYfoWkUFzSW0heotfic67amTzTHHyLae4YRtXcyihsQ9ClUJoQbaEGIn5exAtYVjqN0hn6kwLRKezjtxqkyXJjzcsin62npHo5M5qs+tWJJ5aV1Vqs0RJ3NiMbEUyslOkoJZXbV0iCuoj9rbguJJspx7C90UFX5kaILZ1DP6XZKCUaNotEHR/d70HGPiMrNmPxeXsy/s94/Lf3+/LH0fj7X0YP339t/fP9wR+aZiDTvIiiWxeFbWN9lBPgPboqbAlITK6JjaM9HG7P/QrNxf2OzGVbULrUZ9iqcs816cmq1+bxd164tv+WMQqQbSx/fa1+OvjD/ruJ8/nB14fwkoWn79+ODZJO3n998Afr2cGWKNvvO+el/eJXhc3pfM4Et/NxpwKNH3co0bD1OunBLkrG5xaJ3PQwxIsPfbE+Jlcdh90x3S6HQOiwQ05uWdiwzEc6DF0nPjK/uPMejcfjr6zoSTTcJ59XSUaedyrM49PxVxSvFT1awwALJWM9xtuOsOYrO+kEpdKILTEYrk4EZwYTK7C7NMMFjKfxGAWah9EUA0PKqxI28JD/RuNydj7GD7kHrcQaA582QfierlOsLEvTU5P/dDQ5/m6CF8bccq8Uw/0E9oWXo4JvdYoJdDb4SiXPEZ3JMs/n5aT+7VcqYQYnhjFRO+KVe/Uw+ktyepHnrFy85L8V3DkfCUjBZ+m5QSsxpdt4xjMhWEgXY3mr9hLHT9kQtF5YUk6hQ8lho+agJ/4qwUgU2XmNG+Po07H1p0okRIqYhw1YCtQUpBEEeaGF63ENwBL2p7QWLwHE9Csekj/XnzyDH+npcr4u4nl1YxjmqLh7YYYHAsUnDIXT9TwuKt98hbmQcjxAOmYMVUWfrPUPTAFmTZb8tIH3FFW0ALCZdEq99pW9z6+qP/alvLKHFQZDhei+IedM4oAPXyaUu+GQcjDgEvEfr9YZ/fcHKqCscSVZTTunvLyIy2oSs5fWL32T/bMmhTrm2mSQUIo3YCbrKNHMGqZi0vlf0lllXj9XfmvMbGb5N2nyqBJmxXNY5wPGng0yZlVEGHuDnHmzCJWZY7c+b/hhEfNj1blW3lbCRGqnqyIhTyvLMyok3QpJt0LSrS8s6ZZFPjCqt3LaJAeD0QJZL1ch9A+dgesMri/YuMf5AjVCPauovqwV7mIvk6fRTB533EZ2s/QmqxW8SXmJBng6bmg5A2C9whRAr9E1YrZR5Mdz1vFZxtWSO6ObiePEKSPM/EoyxMy0ZVXpGhWZbun+VJIUtcnbdvqgo2i/3qu+32y9lvJBQdamzIl1AKi2dE7XDQzcdIp222pd6sylzl2FnOgm0K72QFo7UtqKwlJ8vZ4+Lu3MegbMdgYh/M7kDGoOZSvkMJyQQ7Htr2gcUpdTNhATHyPB57WMXxRmquaEfMq9sjnF68d5xS9vAn6TPVdRTWUbn1STWXUClK5TutmSQjJZ4T26xsRWIBhdIii1C9/fkiInhS3eaTpwx+l0MRAjtYy5ATAoxxoAM79asBWBu8JVoV8X/EciTWFBvMoWjOzIRUMZpLI2dHBbW1Gih4F+ost/G4v5K+5I2AgkISBgY6KaeAF7/ZK5GnZLTLuS3AjJf6xh9FpA9Aa579+rMXiy7QrFftvyIv78el24bJId2SNV68siWX+vRwfrb4Z5Y6UbbHHA4kQD7O+HvPpsPUcCfgqiitOQH+mz2ezUpbX9mZhbGRBjwk9LENRX2m1oP/n8MPqWUjDBCU4KDKeIKQ7IYyomzgZ7OT761wPXVIhS4EyElz1CuyIFEZn7C95oyWln2klt+tTjfLqe0w1MfLa1CLgPinzNdHq9dPXbS+ZUe8Jq84fKks/Ej3L05dGDo3+VeEo46HJOXifWfsfzznRY2NZL20fZOAsU1WNbYrrLUvKNaWMv+fw5Ojd4k885PAlnqbdwltO+JJ+naBw7hqVYF4KjW3NV/EiRYXMLLSiHFsVYfpQMfE3AOLrWIEPAiHPbCGSokiP8eeVdno4FK3Ac3cPX6Py7kmzkSu4TIOOVJnFhNWB4nLuBmVANLO3D8A9N+9bWoW8A/3oI2gBk9iNomxOjWY+JsotU0p3YSyQrEsT2xAyP9AbEDNeI/fy2/fD4UDpH70wDhehUCFmsMsCOtpq5pjdnufGgxU95ei1k3pAmR99Vct12SixhbsX+nGlX3jiZbgft4rjYDvDvmHb12B27Tdh+xEVZtQ1jPlG1J+Ys8xHPWq6XGP5Aah9h29MuyO1V+NS9LnjIWUKQejC2m+YdW/ml49XZZvnX06rzcs3dV9QSQ2WNdgVd63S6c+xh/FRczGSxVgrlW8qep4bfUBppGGpbXxqQjAbbju9ea46S/mmd6TTKM8oJw4puTCxTUj0clVjDUnIjy0MOlS7Si36EVxFav8mmsCLjDGZbx16JsywSWBbsjhUGpTEAuYQrlRDfMcxf10lxxXQQejSqRNK9U6g33RrkzE6euaKfcV14NTRrz0GIwYPj83U6A1QyQO3stdflIlJxKEm7Jlk1/722+5PNVhmvETxn6ecRKiu0QozgBVcZ7JH6FLYdTtRfO1lRbKTC/vHFs/8TPf2B+qHxWHl2IdkliLtXCjgX6J+e1YJWcYIjoyoHlFkXmclcL9YRRc1gkzm/pPtuNaleomVcoic+81IqkQx0Fs/LnPWnkklHTgGDA+6QM4CfmzlLjMqRO0ZoEKBxYEoWLd66IN2TMrEKPZcLG7lAsk8znN6Mk0nIPs7JBKCsCjxT7bjEiSU/Jsb/0SVp8mJFvcn40ZpivXP7rIw7EiurUGvG8Cf1WDmyBiD4O8Z48eMbQQPYjm+OvgcBRRJ5j6JUUCFJJcSJXrt/dBw9EvU7MPzfHh3xbr5y+VdhY0OdKhhhucNqPKA1TInoCBN+hty7St5BUiPGVq1WiMY6Xpiw1kU8mY4hgbyK9tWpxTQvZyvxXaWuZUomW8gr/GJ8Qm9dAEiS4sC5YScck6WUeZGiFT1KV9Ou+UqG07NY5py41inLtOZaYfIDTHo21VHZ3dlW4orZv3vRHlfy3JGODtstcwHPORudWLbRK89KQFoVwEsmGXlxHqOpn95Tfkl/c9GOffIO4luZEroc6KsXxr8Sk4rK9UI2G7FO6IgmdlFzCTXcO3ly7fRGn7ty7nld5t1pyLH5bxURGJXSUoiOzuOvXdYm0dPSkHjieLgKCWyvdpMA+jNfXWBBGRflyemWVcHreMdQbCgWEuC7lmwb5IRg03PjkxIvkVUuUGanCbq2D8gBRR0gbZto4gMfL+IiRYqUwdHHCxTtqbquiiEKgo9koJBkbk6FtHKwdOFKrxuF3YYilomuKCXT+xdE1XoyzGMbhticad52yOBfBMETkFjbDsAkOlFxXKaXThEeWzU/Jg60N2ORfc90wYFJ5oF4NgAlzDPKllh1wXKhxYuclTLKGMzaJsOBkX4JyOOMDcNmFWPDl2nPL971s86Uq9hWlNJTDafYYYkgceGvADaOHr94/cuzkz8+eXZrZ8Nk//+SDkV+CfTvlaoD4LjF/Y/GM/GlUds5S5ZMBVV0vrj9Ibt98uyZfk94QHLFQaOK02iSoN8hFkJSpWDE40jhzjkI5aiQnuIljNFXE83dq/I5eD2gFzoXZbKubJfkQvGuXG6nuNK1VmjONLR4vuX8u9WnCSu3Sh/x5osuGvWOPSJZQedZcJjS35E4iK6ftBaJ3dUpHu4KIvYmlh4SAfhjBWVNJGCSUbU5PLLoU5FyuQvAEao/JlcXld8CpHcrsCONoyfqbYU2ipYLtpIwbAhgrBzzCOWxXpKT7pH5T3nFM0lV6Z0KEWSszqVmXndnPuHs2PoKZJm2Xaks0zzThgM85vn0I+3wYzzeQ6fYgzrYkAxQoN3Ji8e6+hQOqBUce5gn5JzsWGoSewD8jEr6FRzz3juM6dacWKFYxlUWZJexRF+SWnENKDon0tHbf6V2ixzJvl1AlUDiVZmkItgKLR0LLQVwHP7GgGg8Exj1Do5c8AXw4sR3V+kzhezBIYj5/ldxAFKEDGhQgqd6KmyWGTxSg/cv3TYYnrlSkJn2RhXX1PG5qDopsXJXksxKZLZwQ/fQArpIS/tg0Na7ozixUbqGyxSYn2/u34/2f8rgCGPFNVIJPwFsWF0dWM7+rD30O2yneQ5U2b0r5q4YdMr0EapVEaLLT7vlqxupFwiupESbrqy7oljHmjwox5AqY6bdcr0x07xpsFv45zYUdkPqkpm2+3pKjgJlpnlDqrOylGlDATWg2pRp1wCnzrJTpnmCqS/oGNvY4kmcryGiO1/o0dmMcc96VZVO3Ri2IXUa6p13hx33DN6MFFFtWFW4Sp1W5TNxmoDMleZFrX7rLdmycalU+s0RJd7P7cJFsUInieUuxFrdWWsdYGBbKZs02qIldAIexsuSHKVcJ0llMcu1IpCtW+Jz8//+3/9PacZekit2gumU0nLRTRj8JAEeEEQpNxEbRsJ0p61wMlBUoQjjsl6ssI/soIL/IkegVVSnOhW8JC62+GNtOG6tRmw31hZTat1DUyYL7f40y6voj2oBk8dYLRspZ1e9DnvKCbGMnKbNl9/xFeeGCHS7E+kGXJO9VZE75+dxYd5MtWS73V7lZLvdZhVlu91wRWW7UbTpzVRXtttNVVq220ZVlyuw8j+sPrLTJud0M/npDklQg6DoI0VtAsXNJKmbrvZst4FA67HRqbYZ5AZVh7bbjVaKttsA6HlVkLbbcBheV2Vpu93RKtN2G7ApHjqCTTZiIz3BDVeotps3xDwl8E1l8CjqdvzWbwzaDezPWKFwQ4yQg88M5zed5+vZGJ04dEJYHqinai+xuFk6H9mCofGyw1QFyh4leX5Utueebm0j4GvYWjy+eYSCzetkWiSUTsk9Nc9tnVW63DX0Tc9tiSlKesrcJZlZ2jZJNuK69sHVp39+RPepcGby0ODaLqOH0yZPuT6c5bS9Enl6wKOSxGMXyp1KhwoW1WQgtlasHn8Cu+50JTFJGGKuXM69/VDNRWIFLYjPsmxQL5PvATKg+UWsYyWcOh9/sDU6VTof8RWqKX+mlDDQR8+TkyM8e2ZktWGcqS+4+WlOfLUmu9GYeFJKT03JMCJ5kxqS29eO3AXNyC1pRW5BI3LT2pCtNCGeh7BfAzLs/G2i+bgjWg9PiPVrO4ZBbBMtx+1oOAYAyEOzMRxKG2k0bkWb4W0vHqDFGAav69Ze3HHNhecG9GoshgF9A03FrWgpdiWHbaaZwOxrjwu4dd+4q9UPClKo9akEG07LEC8wOTFtDVcaMgVVlH8yiTkl+rIi/zPDrvjapcKNjpE5wRhnFWCmCfN5jFTdCzMYJZ2TaC3qX2JVcbY6cc08XaQSoewMW/jxzZOH0YuWRevAWna9/IDbM13NecRoTAWG4NUP2whYJr/fLrbO9KY2rZEosOapMShDoGpemQIdiQKbeQLt+nueI6dW8BfM/SI9x+jXOZJFSgC5Xki1FSt/+ETldaGEdVMs+4BspsjLGJlFGVBcztfkZmp1icvUMIseoYvheL2M5vk51pXhpZuOMbQamM+ktDJT5AQa9jAljs/pGGCSoawMtPkWMiG55wkKLedI3SkJZmnn0KbRJtFfWhbSngWCG8W8wZpgeuP8bLwqEmu70UnXrHJUC4i298mCBQUGuCRtdGdVfH9sBkOirdC4XrIQfe/JPVY/YeDCLDBrQlrxo/5didI8R2C75sERzBnJfbh9acm1mGYYQmFtG+WH1lA3O4V1kQs8csVHCetjF2BPTFdqI8kuQRg1xaLL6GQisYCI7s1zgGcf9Rlcj9cGvUqH4lTNsXf1WTzlipZNfFE40U80PEjhpz7OzZ8OfmpJMq5c1prZ5P0JDl5EKwlosQLUVUKJppuS4+bxKMfu8oAcm9E6nlt62o43Goq41vc8KhC3PGyfffesxjqFT+XnrvTXLTWUOhNgc30DGxdUubWtcmDrbFSv/BLMIndjklqZXFa67MM+5eZiWio5qlo2pJbC+cAUA+tcA7bNU8ZqPKNhexZZfVlxIZWCc81T0pyty2XfVSG1aqgwRVClqBoxqqoIHofQV+fmBGFnPFpHgVKFcbGqsWwixrWVBBXDTs02uxOyH2KnWahPc+1fjdSXxj67rlqjm9UZHVZmtJsmX2xcftS39Ggv2e8pOeq7QSfXVl+0Vrivr2ifxz3nqvTou1723vUt1lgp/eZaamKKNSJi4IKnFznGnauaijAYolyV492osuIGFRF7gVsCH1ikqxayPQy8qh9Fs4mq6bzlUwBvWQkSeKUKbqIajGNT2T+aqmwrzhhFeCvZZefodPgxg/isSsJT5IJVwDHwxHhO8wKFyrlD64a7+lqth+H9/KfXbxSLTeYGojvMOfz+B1fcX/8OOMs9blzqsa+cY++8XLUTfbHiukoqPkcljimRO6Fx6oVLUXWJO17kZWllbyFR50RxV5zf4jSZYvFxK+ee4Q06J2GyAZ2t59F+CfLuhDRYjQq+B+zaEZ+mc0QpzPKPzNkZHA66ktIF5t6MuzWYPZvlkgQcJRE76wt6cPRt4Ubi2fC864Lqx5pqDzqTV6k1e4XUxgYqA5u3oPJN2TSdqyucOKC2AFmqcmvJyWSl1RP6BGS0KJDy8MhdDKerUMyrjmvKe9VCEjdddEtlKmyNRa/yj0C6JD58nRLTQlditeIxSvbLIulK6+KAR11q7BcKWr5olQyq77XzuRsIDHhoQbjtExfUa42UHElNX/mCNUpn7XVkVpjDkzL8bSpB/EgHc0iuilayQvkrMi4AjqhP2UCNQYUchjqN330SRb8XzLb+L70XWK/Pi+8tdjN+Lrfp4XK7vi037tVyo/4sN+fJsqEPS+9Bcvmt+J6hYb4qt+6l0gsTl2eKL0yGeaPctB+KFwicvidD4DDQ3+SGPU08dBRe3iW+ELk+j5I760vSC2KH/4gvWAf5jNywt0jP+ns8RIb5hnSLcMrw8SedwLSHKW5+oItfcv1cOxWqvNsyfzFbumLYLQPFd98MMlBQdemNiivih1bN2opyiR8a/wGxuXaoRp9MzicqfGMUSYnskV1MexRxwWwslD1I3iKr0EY2JrYnaftSq6EoOmmzMamyfRVNJnenNfLk0IHZzyivoopp4NR/LX3ukdzXUk1kc8uUZ2VHDQDBXKpcBUI2l0jRtkAbbvzBLudqVXXy3Mv2Goy12jh2sahmscVVXJwnOku+cbGhapyukpXG36tRhsfuHtlx1MeVKxSZtZtHe9rWitcR1jVXjPDx0dG/WvbQaQx3NdxRUg4DVeGc2r6NrrSuWk1LCp2RChC16VfJyhrHKKLNt63TpggwXCDNVpd26KwisymStN4BjR8ZWx9yNjr+BS5xVMjZP61PtUZUoRm5fhicQ5lHYSJJ0dGExCCF/OZF0i/WX2UdaO1l0XVHf//1K8rOZGV8J4XTo3y+Xii77bhGuqTYHN8lZUqaD5X9umqhl9H+u8wzmY4uoaK+wN5gNgvlHEH8fHRyrrRKDFZdSas2F2ssQz2m6PjYHLodEjzeq+qPDSLvGFZsAUr8ty6SQ7lmDl+iNgzZRvyHXDmHfMnozYPLpnPKdMNV5vvS+qVvsk0/GphnmU9TugZMNkbnvhHGKccP/tenSj4vnlc1x1djZjMrIFXX4eIvPx3Hc1gnMxRYVXSho3jzZZKdvHz684PXlZ9dVNjeIKGS/LG2OQpFWVLhH7L2WZ83sueSXcMkatQZcsXewwmATKpc60Jq1891aeXc9woCocVhSjYCvWR4jSo3dzUluFMHwcVESkv5Bf+kyzc/x9IKqm+t9xGukqgFujyQfqlN943XQpGQCgu97nR/bCWqz+OaxSJNa1voeYOna6pb3NtDqhUyEEjtCta56V1QZoJXT16/sQtWmaTVhsPt2h+EJoBHhe1qF0mgNKII1xVc8G5ZpKtSFURoi93tTZn+1GF+vyXlUMdutRd963JLa+Ta63RKgzdb3RO38UhzxnJvGcOtIrXbOKSW2G1nzHa/sU2Cm3tWUX1ZC6bi+FsNxC67biO7Gb+jeLWKsQZ16+J2XaG+5tK3iVzwPM1qtWVL7oxuJtYpYd71S5B4lKjW5Jx5/e18Nkl/bTJDpaZqtF/v1US9Wz4xppAnDJoT69BuTaPrBgY+2KEoZqIksOjARoqDSg8ka7QGW5TtctOQmAuvWIvSEWxRNqMt4oocdq9sTvH6cd5Tdm8F/wuN5I3arf3lypWIG7OJl+MQZrCNMP91Wl4Aqq4uEZTau+lvSZFzVXB3gbDNMTIUOQ1FTltbKHL6j1DkNFTG++eujBcydKchQ3fI0N0zwF3K0G3lhgu5ukOu7pCrO+TqDrm6+9cQcnU3W8jVXWkhV3ejhVzdd8ZL0bSQq/vLztUd8ka3t5A3um2pIW90yBsd8kb7zSnkja60uyClh7zRIW+0aSFvdMgbHfJGh7zRIW90yBvd8VXIGx3yRrf2FvJGh7zRIW90yBsd8kaHvNEhb3TIGx3yRoe80SFvdMgbHfJGh7zRm4A35I3eeAdC3uiQNzrkjW7pIeSNDnmjQ97o5kRC3miCY8gbHfJGb+bVEvJGV6AR8kYPh0nIGx3yRlst5I0OeaND3uiQNzrkjQ55o0Pe6JA3OuSN3nneaLGISk/13MJNtwHOC1z9qi/Xcf30aEOEzrJz1aCQHRNqzRP9mLuR35ZFmpPtBTC8MkF780PG6sEZq+9ShvE7lD1bJco+hRVynOQmebI3SY2tOgrJrEMy65DMOiSzrrSQzDoksw7JrC1gh2TWIZl1K0BDMuuQzNoPHthCMmu7hWTWlRaSWYdk1iGZdUhmXW8hmXVIZh2SWffOLySz7mx3IU0WtpDMOiSzDsmsmy0ks1YtJLMOyaxDMmtnC8msay+GZNYhmXVIZh2SWYdk1g54hGTWPWPdvqR+F6T0kMw6JLM2LSSzDsmsQzLrkMw6JLMOyaw7vqLE05gYVbzyd5nPutqtdnK9yC8jlNlq0Yks3MQr9G1acT4fzNdKb2H2D526RUnAjuHh2l+BRHDGYqSRmelcVRPCYmxhdGJCGwBljngq6LtypV8ihgMWkGLSLBciVfzOjpT35VZCVMg4/oVnHMeV/IxxWHAo0J14x/vY0vWW23kZpxROQHlR4cEnGsFFyDhB7yxhb+mJ/y5L13qjpYcNdzqkfw/p30P695D+PaR/9yGFGFGB8Cr/hD5suyCH1R61yqe0XFvtHNGwk2kGK5xJ1uEErwpOlKt4Nk5dZ/JSfuW3g7ajaoKJImCj7ATQcvVFy3lsSDIrxdChWbKelskizjB3H+O+Y+jaNHXkploGpaiTQUeMHHQggEjEs4WZjjpxCC+AwqsKPF0KXBkP1saxfC/z2X8k8Xx1cTWiaNLZem7/aO3CiNNjODpXB1zUm3S0tNu35ZI7YlDzRVOmQkwomIS5i2mKTpT52eoSuji8iIsZ/qHuK4FV+e8uPoPgSNp5xhuV0VAlccU8wUgzgFBgehFxbc+AfpnNIfIwmzHNtBJp5zV4O4HCLGX1erRCm0jpiLuCk1kTSnOc8H0L9P0s69OML83awbLOECy+WKmwZwsBRpgWXXbmeZzF5/iTxgR0nz9LP48YFrA7BDmfkx2dV2fAaR8STLeqs2eiGk3yfo74ZBsoWDt9r2ycG+9pMBwUoUYf8Xgq9x3Gp5/PMWgVJTgztb1HlUNvsORhtBf9W3eiUtNoty+S+ZJJ1wKPayL5vjkRrZ2Zt4xO16enlFMU+BNRt5ul55eo69ZBF4fqDSFTB90T6YzBUq0t2rSC2ibBJUkJklPYxYxEmpRVDoyisTFb4GwccQHS1+FVj/XGkTq5ddUerhWVzi2rCNpiMGf5J4yLm8eUs9osel9l1i8wiAaYT1htns8O+AgSY05ojn2mWW3PTTfz1myl9fa0lpcaOaCkzO6tON3pCFBBn4GVSgdUAlfkTFRt2ot8BUzCH4G8129HNR5RMP0voJp8yB4UM7KCXNn0v3LrxmWdZvRNZxF/Vnb6B8ff9b3sY9TntkStUgE48V/7b+Px347G37/ffzuWv75WPx38Yf//a+9bl9s2snX/6ylQmqmy5U2QkpN4Eu2Tk1IkOVH5ppLkZO/xeHsgEqKwTRLcAChZmZqq8xrn9c6TnF5r9Q1AdwMgqZun+0ciE0Cjsfq2el2+72995/WtZwN209MPe+Ff+W8fQvn3p/7HZ1s/ade2/tzkNWtrmHZx0lAJy2PZtX+2sSSyjjjCJSYw5C+WazKldKpSMknCiEe7JGQW2b+m7bfU66YWTS3sPJ7tqFo825G9fs925NmOPNuRLJ7tyLMdVYpnO3rsbEee6QiLZzryTEee6cjCdFTf2I23eUKkoDshkqGKA0Dog+aMqqblkbzC8Z6DccpduWj/nKZXmBHAM9C/FFqgeT84BmUfWhXrIWKXi3OcNNpBOk/G+UDzOQ3OJ+n5ADIFKPoJFME0Z4vE4Pn282+3f9h5EXIzKIdyCJNZuM92oVBOmv6UPHBTCK8SOfyWLv/XZYPyg6HdYPBUWJ4Ky1NheSosT4WFxVNhQfFUWPXiqbCUHDwVll48FVa9eCosT4XlqbA8FZZRMJ4KixdPhVUqD4IKyxuOtLL8DOHBuQ2zQoTwjrN0Mc954GwsMV513HUKlROmj8S4MTFBa6vhk1w4aWQ07287P+P7rIFEbktJi0lf+8TaMxKkxxFaYlE7LGu+ZYVX1Tp86CqWck/NWeUhorhMs97lHhxQXAMEiisypCZIq6qohY1Udn8tiiOnMI7y8JC+SRe+0yvw3OkRE3AexRVJc1xJmNt9DufLdsdecFQ3lfZkWH7ln+/nZ+mBxRMC5XQYgQH9/bwn/jzAmImTmFyyqJRQkjD8dQw+NANLARRnvLMlNkaaLUUMAoxFcHVG3CbpzugoSVoyXoEh8YSvSDbxtwltbh8uU/vChrjmes1KY76lgBooywXVdIyqWSV6BkrbCBoorYJzGyJpoHTpOxlAA76o2wqugXJGyhhGgIA5GYJA+Le6HtTjs5//5cX3q4qvzXFQlS6SNJwbKyutIiXUjpB6YjQfq9eYU8t0rghCcBfzJtG+xLAE0ufQXmJ8USKXcnYE2HlOcQTYrJr7/8OXj33zMfiHXqWtgJe3wJVtVI1yrRZUMMCpBEuhcDPVlzylm7aZV+azsypT4qbaDbYbR459C6biDumC0mW4ZCKeiG8ZUcVVyzO640yffkWneDD3qDnO0tFiyLOnZTxYdQuHGcvjTOMv0HOS5hCVeZ5ar520cZ207c9UMGaBB5phOn4lDqZriBmUM1GPzqOmRe40rzS1UDXOIugMV4OiLVE77GThHoxt8kdU7ghP7fio5X986u1+fKb98+PWT66kj1aLojuiC8rSUV1OgTdEfEGJ2QnAnYWyCa/bdN+CbXHfw9uyqihdQWhQypxatxRt1iGt6QHmKbVKInfnJ7WMIaNbuZpjvU4LrvWyg03GEYoGpTEvqjEnqikfqmsulKO53VKfGiy4UCoGS+3++uG/bta1ibT1wV8z7crjvaXSar7wLR/4F/yQ20F81UfqElzMwyINQUdrsp/ULKitxKnqt1RblnQgTvJ3JVbrXDNeqP1IuvAuNpB+KNIMjmHaL4tzaTgUXYY4HKr/QMsSXeQgmRcbcvVWIw8837uDf/xzIwzDDS1KCcyoiCuRoy+TO0SvdjYw+iHYR4hiYVk4IKAxdueGzsJYYx9kCiMsIpjaD9UlM5BROIxCOMbvgik7CfObnC1bA/obnIizcQgPUg3SIxay00kfVpXzRTIZUX0iXzK42u7vvOiDmqQz2HH7bp+tRvQ5Ij5uVwct2RAs6RIvpvrchuA9Q2+v5uEG+xQbQTe7we/x+WWafsZfr+lv0ZNERk1WLK13KfdKn67UCpQDryLkd1VuoqgDXXraDXPs/wE1VQxS1fCTGLy0vNfl0AuDqx3tT8EWj0bk3ZocucSElDmrnvh3WBEuD6ApoeLBlvBK/xXYafHKfLLIoonqDJLzZZohjr18xZSQAMAEs5hEmbx/A6ZRCvNRRlWAWftK+96wxGKIUa77APE1k5WXVstjBV/FJfTfbIPXJ6RC2NrQO/K4+nNNVam8SQLnk8YsIts0H+mAe1AH3IE6UC5TQ9toBUA/bblh2i9NbaqnCrMm5ekwQQ8N9wKoZd8iIf5oqRW/lX5ragcCLGJkmvH1U+vrSQg8drU/Uzm31AqoV0vEnWdJivlC8shVa9hIc13J5Zwqu9qJJkzc39DQHF7GU0lOy4bkjB1Lf/vmtPSzywqgYULC7kwPypO8TCLCw672WM21hucGBUMiHWj8/CX9aFmMzjPNZ2U2FNtCW932DPh4Q0o6HxmQh0zfJwzZ0hqmMkZtgXyEJpNrEaSw8mGM/Bi4P0XdMniSh2bg1IekUjQFmKLn4WCfxRgHCjBesj6yQVTbccuxRVJfMGgktfNPPWbR3T0Yn4hmXU6uSuYR2QvCnnRyeHqm0/BKBgzNfGnrH5AmE49gzpCYa2xN49HkSO2QoIlvcT5NCoKJi/PCRJ+xj+oG5ijNRyYC6SNHguM9RVhaestMZW1L/K+RsJp2EQihM4I/VPP92+b6O6hMmy2Z66YuXStlqdsfNnRTlLZ2qN4OJemtUJF2pCBtIB6lDaYt4WgLjvMW9CSrU5O0YdtppiRpb+O/KyqS+6UhuW8KknugH7nTZIu7pR1ZmnKkxeRyU420n1ddKUbuPfWiHV53ezIzp3S60oncPZVIS2E0UIh0k0hn6pA7pw1p5fVoSRfSXja3SRPyYBMzWgnbSQ3SXsAdKUHunA6kHaqGy0nVlQKkfiqSV1pJFTksS1CiZX5LpdkMJ+liFIJZW8Yt0QusAHbLkl5aqtMNN6esa2A6pcFBicfT3JSGbmlDMtpemrdPKrpOMlGnaByj1UkauiJZqKAENTTYRBLqjANpBqWwkYG2BqVYM/nnrZF+doBkMJzlm8WxdlLPJck8GwLqG07Hq52MG1aahhNxu0XmLk7C93cKvs8T8B2ffu/w5HtXp96lTrwNk8Z+0m03X7qccO/5dNsgCfuptp0kupxm7/Yk2+LDHSfY9l/f6eR6p6fWRoy3FqfVdnK4rVPqAz2hNgjWejJtJ8wOJ9I7PY0uq9d3O4E28xo2S/HueQzPLu+Qv/AWeAsdfeuixmuBZ3C7VHh3T4F3f9R390V5d+dUd3dHcXff1HZ3Sml3f1R2a6GwcyxRVg6P5vVpdc6O9XN1WL/Uxm5h5uRwsV64OThWpL/oQn3RmvZiNGJrV24ywDR3snyYzEdi3qqfAUt8DFsxP4G3Xv+H6bw04S0WJaX5LgvAycW1R01W5nUdeFPEKcJ6ZMmV4J+8FLwmPdoq4/5M284dr4SyPtTwN+UX4oMy5e3XNC9Awe2x/ZdCEI+OrT4XJsejmbjrVhC0eRuN19aLjf318KjkrUhUPIGKJ1DxBCqG4glU7oZApU1WuidR8SQqS7bLk6h8JSQqj5cdRbcecDsT+hyDKnVGQWl0E8GhYZRRmVVDKvGCNkX5ixHkj03/81TChUgqDVOj2TCepOMxGm5ZbbSvkmFjTlul+3jHtRm+nsPH4g7FNyPB3CKwHTXzsVGCJRRIidRChoKL5AvsOIsiRWwZtBikZosRKkNPcbIILZgpAaxXYDTDnBFeekFowuOC0mlcIAWxEQj1gq3UEfjb8dXXWSqsNFqXPCG/caB2aS31wei9LRvVe9zaFYGVdrZgowJtQtwfoxvvpI3U1FRYZcWw4h1wLbTOZEYxBWy5Osf0TY6Yx/quQBAcGq2GWuHLemKpkt20YGNlDmuAMkbr30OSMHvWJNe95lVIijyeXLCGojbMtjHe1dMklyk1ZuzOPfAM4MCDaaaPu3TIdtVgtMgU+hCfUHJPf6On9ZYLXysJlTLKaRrLOAQxF7mpnHXfgM8pCQdqqlN+8BOEnpovugUOrZnY554Wq3wxHCazYVGh/LGsUwr0tZH/xy9QfoHyC9R9LlCPjmwKDtHvKV+3oaHanQrgLlfWHAlAr0nf0MzKqd2E4Npsd3H0AIcWaEee1Yo7i6iziCPLYKr28Z8+/tPHf5aLj//08Z8+/tPHf0Lx8Z968fGfldIl/tPTQdUebKSDkqEW90QHtYb4K6GSlL9QU5S1YCzOoWM6e88s+n1f0gjpAVoR/gtP4OeL8/OJZTrPhYdHhvngkaF8CDWJ/AjdCKQpg8WEx4ORHYQ7KMBkwzolBC9b8P4/6CCCYDq8zzv0RDeozAtwSNEvAitT+8kElqmQLDtD+vHACV5TFayuHqhG6G7lp5oA65DYYiQsPnmCRMWQGFm2M9TbINH4xd1QE/va6bzUmr1xGcJPgql6+EIPX7gSfCHtJh6+sFQ8fKGHL/TwhR6+0MMXfnXwhRqgiQcybNUOD2TogQw9kCHKxAMZeiBDD2TogQydInwIboKWwvZAhvoNawYy9CB8HoTP8REehM+D8PkgLB+E5YOwfBCWD8LyQVg+CKuVuB7C6coHYXXR6z0Inwfh8yB8HoTPg/DV3+9B+DwIX/sv9SB8HoTPg/DZXupB+DwInwfh8yB8HoTPWDwInwfh8yB87XvAg/B5ED4PwmeowYPweYwrj3HlMa4sH+9B+DwIn1+g/AL11S5QHoTvIYDwHUHUwxK7g3iW5w/H6AlIRvlgAYEPMLIWs+R/FgCawSVwI43qxtjabiEY6CvE/w7+BE/VamwINdUiWlrEmMCReU97BPKeS6sFNMR+zLQfbcAKbAoIqLUAki/BBW968VKhezI28WQxg3HTPnppv/KkAHUwto39kaWLsS34MeNVAEJBQcbHpzGg3MjmjdhA2Ol/23++tVyEIoygSfuPe4X3uz8J7bpPFhgFGmZPLJ9G3/FNf+dFfzvc7p/P0/63YTQdvfh2yS9hs+E4S7/ctP+YJzosxCvxvPPj+ubPadG2SVx0EDM94G7KMi3hGmCrOWW17LwRlZjbhYHQtLopjbMUjWOpNylnA5RtpnOKHAet6HUcZTM6p+NYY2rU0++2LJXyFoTJiFZONl/Y/X/pp9l4wDTsxRf4ZzgHzRH++m6gHuh/178spqZIg0Y5c7/MbHx6w75l2nINfSeeCuixta2jaX40tXoNSs14dxrgrY6pPYiL4SDNQ46N4pzfB/F5wnSrX96+H7wGYQd/wZD0+I+breWmeY6Cef9+tRF8KmtZ8xBWU6M8ZMvufOk0YGrACXv1r4hXkBc2a6PY8Sltoc9qZCovWkvZrr+YCkCYQTwLF/mAXf7Ern/KF+dSFp/Y0Ga9CrcOdgYwqgfZZT5FbaR7N9gtjmFJdTBcph3dcMGy4RruLO1ZpuuVncByi1qQDTfIddJwrTK3TXfQdDNcUcPXoogaza4eDVoVn4jkE5FU8YlIXA4+EamdJHwikk9E8olIPhHpwSQieTTo2oMeDdqjQbfqiX9xNOg7wv9tasa/Nhj0Q4HkvjdQagHzfM6+h1BslkF57gLsLCrwUMweitlDMXsoZiweinmFI5iHYqbGeijmpph+D8XsoZg9FLNePBSzh2LuIAwPxVwtHorZQzF7KGZbTR6K2UMx67BlHorZQzH7CCgfASWKj4DicvARUO0k4SOgfASUj4DyEVAPJgIKYZQhHJ/7wFdBYy5XIx1Ml+l1AKeBSsgTKdNRUQCKEgGzAKqpFvIi8JTtSaiYtxFEF3T8iHVHdhUuFQKVgj0VLMC6fJuawE5z2Y28CTda1vAEUI9MA+GAIKBRfdjZhuNgyjaDTsq6x79+YPjX0OLfIKCIDeKCjaEV+8VQ1Yrdcx0l6GZHZGR24QrfYD5fo9jx3ZT81LLXeJWy43gNHXvOg4x7kHEPMu5Bxh8nyDggcoI88l8gtmSZZapcgxZprAJYddRb1jPJjH3BiMOpxrBEUxay0GUISkQB7jUABilovFGAWcBM8DqiLd9igvkkUkskGUPiL0XMYRzzeBqxDhrysWt4ZaVZMlpQNJv9fSNe1qNOxoHMJnM0mqpmiJkC8mFffVKSn8kAx9/DvoVix47T0a9xNCkub3oYuThaTPQfNWn3KNbcUKmYiNxsxeGReASg2pShBhCpDq2DPZgDZhF1NgQrpRfFNaticBllI/hD7BcCBOffTfs2ygutpDQeBHKMQJ0ERDyY22xCQ2w+jn2mrLH1RXUCTuPRiNYyDfk3rcjVKARSuarY5xIsFY1KIH1oxAKHKMWdPtdEbFfljma0SVUmiDYX2MdmhUJ8kh3cQ1QP6oE3mEmdaT2Nid7JFwJ2gl5ASblmZjAuvxl7mzLRRSRjDmYWjsrbo5mpvroMR1WdB42vp+8WCyd77yQa8n0GIpjHEwh6hBOJatLmfmnSqlGwG2wG/yYaal2qL+PJnJaaKUy3mAMPEyKmDhGay8wEyEMopxwAjtL1DGHueYDnQNzBlxcDpkAn3PvSEFXo96g1czDTyHEWDMoDXqyBEXkw9L5fBqZb1n22BmzWUmWaNRps3xzWbZ5OIgTBVR/1VEB1ZwCMgLkk4zQdbdGUQYUVhyfUmcwqfaeqAWXD7i4+qgDcggYR57MnPF29B4nrYuwW3AvGRLxwI96yRSAtYkAKYi2t7EbiPbiyyH8RGhibFN9kI7RC3+jrcGmXi/Lq3LY1Yxp9EX7Gb3Ze2G5yOSOpzMFqkbE+/q+nH6Lwj+3wh49PP4T8r2fip62fnv6t77y+9WzAbnr6YS/8K//tQyj//tT/+GzrJ+3a1p9tXohVIGpLY9G0L7ksTUygRzjFg2+eW/QsE1ptxUQFIxLtVJ/jG8P0a2pjvS5687TCleI5ZDyHjOeQ8RwynTlkevbdUjLIqPsP3p7q5DLsn55dZr3sMjD60OwX54df5kl2c8D+XGa+m2sSjY7xF8z5q1oW9Qetk19aW/HkJKB7y+dvaQuqVbISeKZSpDwBjyfg8QQ8leIJeB47AY8n38HiyXc8+Y4n37FoyPWN3XjbnXH0iAiTZTRVGZ1iPNBl8YQ2LSZhQKtmI6JRYQuCdzCfeV6+0iXE6egSDacjLaYH4TFwRaFQCzaKISwBtxQKHuBBA2TJNyHCu3UxGdJyCs/bNbF2s7Bem4zBELoOWXHoYy6UR583Hz+VPYI2GRy7xPlg0154qLMpZiX+MmQ7nEkia+kKocRh6y8jUA5ZFdZegNJOJWuYf9D9L9PsbSXkZS3d11R3vTP1GJnSeJzinkjSsLzN1tV6p1qiepr6lh5AdxmPsEHVX/r6F/kCTX/oqQdn7ekRLIyTWEIL50Ftgy8EEE29YBIOt6JJexOZeoK/92nr7tO35HsFBfn8nbb79Q9PZ5/kdzdWHUu2p07z1GmemcgzE5nsg3fFTGS4T6fHKPsSRvKK2LbGKVf+zomt5Eo2IJjFXwotY64fHCNvAIQx6jH+l4tzPINonrQ8GecDLbhqcD5JzweQukhh7qDLpTk7cw2ebz//dvuHnRchjy8ISaUOk1m4zw71oTyD9KcUWoZLlQCh6WLX9Lxxnjeu3jy/OvvV2a/O9786e9I8T5qniifNc7bAk+Z50jxPmtfcEk+a50nznM3wpHmeNK+xGzxpnifN85BRHjLKUDxklIeM8pBRVkl4yCgPGeUho8rlXxsyypPm1R58+KR5lKnf8IEin3+cpYt5zrPpY0moIoA5lNcFvQUjVFQM38P0Ds39RjG80jH3287P+C5rxmQj84o1w6X2XS7qFZH+UulBLSklL2WeP8nLUVi2if8KgpD15A/QAtAxp8XgosejF7yfn6WQedRT5Cn7nBQGrx/V3SQ9PBTRn7atj90gkTEInA1G0DFE/FpDvY60T6WH9y/j4WecsFE2jjkCgoI26rFhkqeBdu/pYkgRcb3gHSAGnMQ8kH1USvDO+CCytWRPAqZMZO43z5oSTkG1FqAx5BVhi3CwhGO8FccrKrUXKTDXoI5qgmKxHQ+MOCM1QIoGEJJecFgMR9V/v4mnbM3lP5nFYE2rgmJJrZIhwiKFBZx6EFwYwVGisEO6UCmNbkm5BofiE6462HqsmZSnS7ZV7QudmPimmtUuc0v5WFCWy8nqmJS1SvIVlLYJWFBa8Bg0JmJB6dJ3Mv8KXI+3lZsF5YxWLkwgAhMJ5BDxb3U9qANHPP/Li+9XFV8bFUqVLpI06FqVnU1xX2pql45AyMfqNYLdFcF5BEHRi3mTaF9iVgskIw3p1GB8USK3T7aq7zynsB9sVi175MOXj32z6vhDr9LWBIM1YLEa2QOjqaACArZFWAqFtbG+5MXyW9rMK7O+qQrT35LpYrobbDeOHLN6qoo7IxBKl+GSiXQ0vmUgdN04i6YYy6VCHTJ9+hWd0gndo+Y4S0eLIYc3lF6GqtoEM5ZMUSr6TKQ9zUYCyzLnzRGOC3vePhQMzON5ivAJ1TSqrhmKUM5EPdqOEGmJX80rTS3TkUfwObMdoWhL1M7284bB2ARwA0WB3HAMmo8aUM2n3u7HZ9o/P279ZEOngdJqUXQnBEJZOinQKfCGhEEo8Wxh8YhSCYNNeN2m+xZsi/se3pZVRenKYYRSEuRtJSu2xFuC8sAAlVrK2ZV+CKVlCiLdytUc63VacK2XrVmMdNmSyQilkYzJCfKkajADPUHpAvbU0Nz2WE+OD+vGXA9wa/SDIK5Xv7h568Mw3NA8j+CFRIjNHK2b3ER6tbOBvo5gH9l0xBnrgDDIwderEwAjrXGkHVgBiSQkV3kG1SUz+IBwGIVwoNkNhmBUJR/ugP4GA+NsHMKDVIM8y4ZMT+uDfM8XyWRE9QnIrOBqGwKfYMOYROfxRLyeIl/6rF/oc0Qg5q6Oy7ohiMpFgntcMEWv8uiG4C5GE7Bm8AZ7CNOJbnaD3+PzyzT9jL9e099C7EQNTVYTNap4lLk+zKghKApeRcjvqtxErgddgNoNc6RtH1BTxSBSDT+JwYjLO14OjTC42tH+FJztaG3brYmSC00IGkSQZvJsHVbkyz1mElorpkbBFHlVufCa/YYX55NFFk1KvUICv0wzpD+T75ryC2zgLCZRpj+yAZTzKcwd6WoBW+CV9u2hZnE5zjBwfh9yAWey/nJcEUKksx33HBAkwEE6C3nUfKFjFpM9SsTBKItUHosO+W+2YqLjXZ4uAG6TqbFioaTBcFL+sa6HNzQwEgY91banGcYyI8Z0EUDUUQF6F9rrTokxYMvaSFnfiam10ny4bHOpaW3E2HfIkdVhbB5+orVpIy1+US6j9ODVTjSZX0bf0EgbXsZTSXnOhteM6d6/fXNa+tl11FHDXViB6Fl5YtEGPen12sO16H5UkRRkq4zh56qmDOXnAWZafIrZJmaLR3Ef3UAEBhhCPtUANI8+Udjs5MFfYSvZfPJk4sy1EBBY1zAfYzxL/pB1ywgI7rlJOMoZnXowS6ZSM5xhshhDOQB6XNZHx61qO27ZnSh3a4M+UFP16iEI7u7BkAMKnqfsWzoJyl4QR+eTw9MzhaKrsyYqS42tf0CaTDwy1lTkd8ezEY+fwnBUzLRh2sk0KSgzKc4xM6Za7T7qE4jmQckN1RuOHFBA9xQ2YektXUuq3lxHqOSqhqVr1eIBbnMj5mcVn/I0rswpuzH8KyDeJG6A45Qt/00pPnY4E/58Sbxz+kngMMhEE0kvwUmC0Cg+YidlIA2wmFR0op7NE7YypdPNfhD8hkFtmrWHX+sFm2/jazZRNtlf75j+y/6q1Wo2BIQBVWG4QFUaLtAbugi9oj8sI/dKFWJQcfOkpiNwViPcLSk8BKHmwRPHQZ+FR1sZulAnaOqI7eBpjUxVs7ZJTQqMzylE8OUQ9ZkQxPNNPWRes8BaIYjNJlWhCi7H8kDPylkpBSfWB3GHFR0SNwpcs4lWZMS0clCvk/ySCaW4BlQMiSP2R5ylaLBczGRkYCM3lTM8oqOwcjbthmwBX0ZY4lkOqgunRyQ4oTRhTRHFXF8aTop+hwsSGGLMUTavsUKwJqCE9DRYjckH8YpGgsGl4jjGBdS2kFM5Kqq8QGIYA38ZaENo+YaT8RqS4dxhQPSawZ/w/6EQb33Nd/tj8UsOv4DGUTqlOrq3+kgZJpl6VvY2t45NTeqMKARMqO6j+Ii3B7aogPbucCf6o72lIvmRX8FRJJ0jNLR6ROrMCSdmPLie32x9KUJ08U0OKKHVUF3Fm85qam3mRSJq4RDnU0b5/eQnR3M23ywBm6KYVAntaisPKJfa2vyeohc0byf205Ocw6Ox8XqZzCmEnGe3ujuACqkLonoaoUczCL8p4H+HmI+A3XmQxjn7FX9ZWT7UtHVJhy+KCaJToqEWN3ntmJL3BfWDlCS7+whR3uhT3SNCd6BB9bhYnsdovCHflal+Lj32D114S76KvwZ3V7pCZ2DiV+EoA5EwJ9bCGstlGmfjGMx8w0tXXzoXJN7eNt3dbESnYrN/GwM1RWn2U7B5Yr0m+styQ6P7oLt3oOGTcBd6rRmhq0W3NjatoY29026aaW2iLWQazWGK/QN2Chyt/2SDKcmA9E2w/OjXeCKpVo31RXMEnWM9yh6NKWMKIlkIL45iTcu7NBAYASYYrPcyoW+T/Wuz5wgE06fp5tFssydB6EqTT26OmECyidc2+5039haQmmuIXBaq2jJarHhW7KH8vI0bKD19zrd3qRjq8bLi2JSYkmiY/BYXF0zThx6UZ4uIYDgw2sGI31lJkEKtf4heJA32FWrRiHrEZ3ROoTPbV9rLD8opIBVH2YgL70kua72n9ALxeuPbmxWwmjfOeFOH1QhKq/2i/eavtZHv/+wMKUKJR7gokJ0SVhZwcXLKV2TNkjZKxD26MXNfisI5ICVvXpGmExyTWCsuH0C1nMRXOuCwHAGwZtzgcGUNdrwGj45kI5iNNPMDqn2IeonGIYxLx/BLfmxybeOVYWY+nQFMd8gO6CM2lJRQrbU2boyByHuIzaZAUdr3tV4f72zBLSRp8gTDECn9xK/H+kg8yrqdssgdr0Eb5Lu3r/8zOHqJ9eD7aGsBMFAyKbM+EAS8LtEfXVRgE6CBPWXrZENmkWmUO9y4LdZVyQbtmlGX0UxVOI/yXCa409AnJnIIY0fTAOBvqVnAk+pxhf7i+hLY8yTlMFUM0kBBw4sxm5aHZC4myCZUkZ5L8cU4NwpcZbN3RghTvB8naMMVZmFqqWKwZYKbRpx+E5vleAv/WM5XSePDCIBl7T6VuSr0BTG0RiR/yuDuaS+wsb2K8vbdGR8GrDu+3f4Beakw01nR0cUJBvLx255v7wT7fNNjKsx329vUmyeuIBoo5GeR6L4q5lGOA/yGoQ6ud5EuZhLRC0O2o8kkLQoYxhK4F0eta/GkdYy46J9qjGCK3B6rFsh48oUn8ES4h3ddMpEgD6PjRXt4vud0nslFINYK+BinbVGUW96S2eyZzlPK7HO0wgLARssPQAIOcaK5IdiiktfW/tEttuSJ4zwC5Z61gDd0HOEnfqOxVKdUZJJKs3EEnlpicebRJ3+41o6nGAdCuzJak7bk1svef8NNp9JcSaEIqOvKtBVO79iwDPJ4nbXu6BPXoavVZm7P04bSvqtwgRE2Db7oSKADGZjUD440knJiqIUFD7pXKv+Qm1VcOtC6oGCyvzovwB4D69c1IC3QXousAuhD1tdzFVIQzUFVziDFCxvo6j4dJrQvFx/28DTKEliRZsBBzSnI6YsgIFUuCrFgFVf4nU4bmYiic42VRi+4XroOLBVCn/NU+Ee0qjWk4EPpNrApFV/3+NIvfIDHwB5hmAD9YE8k66hajGCwopQNJPCizRE5xzZVFZR9oi7woz1bCdMZDNFKBI1rWLxlAwjyZfmKxzmllQYGILywPI7IAK2+IlR6mQzcoV6/sNrcoBAhuHidUId5moBr/HLBRsHB29NPr/d+Pnx9b3NDwSM8pkmRUlKrsLqsY2q85i400Z2jeE6roHBO8qgtULf3Xr+W93EdED1wkOTqeAUeyCh6QmDlcBOWGDtjdiiHRLshbMJodJLavcAXgu0BQo05XbmGJ+wcqfGM4xFlNxKMBttcBX5Kcr1OlSyu4RBzeOuYnsgWzgSEM4TwGcoxjAh8eBxMkXyRfQtP0JSQAg9lIDZ6Frr4f96Vhqwy2sYzUA5KXEKswYDjeJMuVPQNyOt65vZfBHKM7om7xbARazkfrXgYVgtgJAKrcMgDoJRz3QvwjM5jn2lJFURqGT/IaJU7aU2gtPGyQmlCEFNlNSwxVVr6jZg8JunwM/bwgZVhytHEhqEDBZYBzKbae3sg4bnghdLAsckGUAyB7LORaMQmEz477rAzQ0aJzY2vUdWqGctXLBXpyM4uIU+xQ7MiYO9NcOlorL8EbsOnZFMvgEkgbhWzUTrY8rU05GspE8fgT0pEoSDLaXw5aMGXTBdHvbu8PmNeFpsEEe3/xaWuO8AaFMOsHnI1S71cMvU0f7oeTnThIvtT5SyltVklYYLpJAdoszge5aBsQYduBnOI6M/1iYFd7/b9QsGc/OuEKT/fPn8ePH0/Y1MYIOnQJHzIRkNxs6XFapP1sN1kM6OEl4vaKzrNMjmFKjBLuPnJqGqxIzUKwQWCs+yX2SHXLN/UYuXoAsOmyj0DsqnSeg12H/6pdJVdF+A2VdYPOOVAcFOltaSs0FuqdBVUBzguVW5BTlZcLlVaiqkpYgNKqOkkzttgoDtvaLDZhIENcpdKC9sYlC6O+mrl9uiRhpfXA/1F6QabJ81deg7AeczOXEmaVdjh78mXDZ+K2HiOVOBmbfdcAFCt41grK6OYGLXroQ2Eqa3I2w6+aB5kzi5G83yBAQqOegUgWSoNgeTd4iG8/+///N9cvXsOJ5FpDJg5ST61LwztTgJDjstlgDZeTkalSo1yUlIUybVhXkVzbFp2LhGvG4RWpj4SNC88YEfTj6XjuKhTcZQLWYuRxHqg4iTB74+tvFGgZv2DqIhQV00XrqWCmhyjykjga231nbbHuS4HuvUd6Tpsk42w0db2tdgw7wZOWi/3By2tl/uEmdbLHUNO6+UO4af1cldQ1HpZCpa6JKv2k7XN2WmZebrc+ekBnaA6SbHNKWoZKS53krprOGy9dBRag49OlOUk1wk+Wy93CqWtlw7SawWxrZfuMrwt6G29PFAYbr106JQWNoJlOmIpO8EdQ3jrpbXEWp7Alz2DB4E98Fve0ak3oD7lhYIOUYccuKY0v+EkXYxCCOKQqJ/0ooa0LVRxZ8mkpx8MVZQdEGUKfxRH3BZwzg3V6k7AU9a1MH3TAA42p/EwixE3x920lt06KlW5bumrmk3IAjle5Rm54GYxdRLviNvqB1ed7UHw3LPCCcUgxbUaJIPTJ49gDc58ylZojS3kwZmvD1IQ+TqMO6UKhSz4j8GIftXTYWqZME4H1BuVbB1R6irV9lJ/a64nLaRlLr4mJb+FyKrstA6bT3ux1SoVNh8eK1Qx/lTyeRwVpxgIT5EZs8prHPy4orSznLS1mqzHYtJypWxpKem2SN6lheT+rSMPwTJyT1aRe7CI3LU1ZCVLSMtJ2GwB6Tb/lrF8PBCrR0uJNVs7uklsGSvH/Vg4OgiohWWju5SWsmjcizWjtb+4gxWjm7xu23rxwC0XLTug0WLRTehLWCruxUqxrnPYcpYJAIU7yNiuy/P11pKkUKlTHGwKBFGNpoBChV1DdDKKNUPEJ+MxJ4dYVtB/RlAVbbt2BnQqZxhZgAF3XGlir97uCXID9TLktebZWlg/z1WF1rIJR02bJNOEZyg70xbenR3uIlNU9aNlYi2FXv4dumdYTOiNQYgsMuzWv69ywBKnEhs1NpT2XadqE51WJsAO1KQSZ1KZrssTaZuPSWV+hjIimHgaXoTkKai+qT7jCnWZ21jEvTcEj1TenGjJX6ztl8kYsl8nsCwint5iyik1NJTofnBIGj746tkAynGEifMyZGYBmKKDeoSTp2hVwmdKmQX7EGIYLubBJB0DeQh9uqoYUquZ8hnnGuZbqqAdL1DjcwYGyOfYVJDSpl1IpeSOYzi0jGF1zwj04pVcWuht/eB3w4eYUSCoYM4b+ybWvDC9CIss1robUZ7lV/YqCdF6P2mywMQA10kbwlmF3h+pl8GiLYaxQF4TYoHYewyPlVdIuKwVgJqQlOKov8/hNE8Z2K52UAbzDM990H1JToQ7I0ih0LoN4X2l1FVPAUpaBlMu+8zT+igEuOVIF2Yjji6BIwpJFBGMi3IBYbjX5wHMfbBn4OGzJHoBzOI0zVF09UWEpybTwBdjonnRaLEUXjVpbu3XwSsDRrQIWdNmgpV4UZXyggMbUcETWrQEdQEoUQ9Tcuw8jRJxR0CG6m2W65qd1nJHzRBnvG85YCJz6+2tCmVadOlnG3qxgSjHhl9MJDn6UBCUWqtAGNcQ6hsQlc5KGKkK5VViHRnw8g3dUUXQV3xPLvDO5VFPuTX7jY3szjGK+aMnFrau5tl8NFOWKan7ZZwij9MhAKpLyuQ4RaD22TCZcIxxQ31C1D02ddha9lJvH66jL0sfq6+7/fLdhsrFzfN0jsGbEjwlXwzZ+jkUGm2+SJCrEDuObxGG6nDlnWcxKbCAX5ZMYmMDlckUU/vYmnae5qYqOfJBqQFMTcH0P/h6Ih2kvWRO2TGGWtg4ziUfLrfa8kQl2J9wOHK6H7Zrx1mGkZDQeSblQs9qjIYChwE2S0lyRqvtRfIFFBk9dx6xcw11ovL/FHc8DpMAezOTV75F2c7CZC2ARLiTL53GYModm7OqLxazUQRGZ3z1dZaKLVFz6p0pHFywkAaKGU6LNzWaKnWNXE//JNUDoadmCzbYcVjww72uWUnF1tR0UJXEbOEdci0go5IZGdoJ8keR/bK+LJBPjlRY03BiX9grwWdEmIuWL+bzNNOgeUzfRZIxzlE4FuSJRiWiD5KkYLvEBWs45qxmiRgK0ySXcdAj47jdg2MhDkxYTfRxmQ6Hi0yAY5K9ga8kMuRdsO2aRjCdQokMmi3juFpJ47zGwcGPPqxHB3ziSQQb58R4gsSO84VhWXctvgsmFoRRjEdL7VByX6LAaVDBCSCETnv2VZbfVTlmSuxA/vvt7Fbr4GXP4osJZpbXgT7wg1LjvszGDBF6St2i5Rd2JGkvsc507FBQL2S3mvSGYM+1I+U6TD3VJol58XAPmbCYYy/82zwNfBM1ls11dnRL5PoqSD10nqGr6qP+IQLHy8TxSIewlnfQzkZ30U5PTUaH5VWawGLDlhRkfTXnS7H1muBueDIEr0ZoNnruOq+atwTxCEN2MI6m3HvnBIDnpMXl9uedUIoagd+tS2M35jtM+aVfBPWd9pOJ+w7O16qnsZmnvJVl/qjacQd6RsxscSv4WSuEXeLwU73VyO6lUfF1JiHjgTy8Jp0AC72/tXMccViVn6p1Q5WYC3S1kVCN8gShGQTkUelcVm+GhM0UD0Bl7IOn81KD9sZlmjBJj+w51zznmuRco13Yc655zjXPuVbvH8+55jnXPOea51zznGu83M7JFdtrmhOejs3TsVWLp2PzdGyejo0XT8fm6dgq33Tp6dhs7fV0bJ6OzdOxeTo2T8fm6dg8HZunY1PFc/j8a3P4eCxRjyXqsUQfE5aohmLjUUU9qqhHFfWooh5VtPkbPKpovXhU0VLxqKK14lFFHxg2BxSPKvq4UUU9wqW5eIRL06d6hEuPcOkRLtu1ySNclspDOKV7hEuPcKmKR7j0CJce4dIjXHqES49waXnKI1x6hEtjbR7h0iNceoRLj3DpES49wqVHuPQIl8smksJbEkvEdNkrIG+UoqZTRyFxBqW0myDOrFk6ZQQe8Ub5QjTnwNsUtoZ0R4AF1mlCpmgyCkOz+l+aTMQT1mtnHOCRIHdWzX58DSg1XNWOlZQljCRijOCWBpsRzQvKMcFt0L7+kK1NhmNLsLLFjK1bE4zEVm+DgMYxACliUliE6jEoGp9n6fWsR7vjIhdgGthcqNC++LG7oEdoZeW1oxtgCIczmBm2louxDNAYqIJb7mtcX6c21FYq7dNTCRoUpi/hDXH8UQ6gCUIRzIQE7YUikt3X0ENczcZgfp4yt+wHZxas2W7fS8GbiAp7oSA8aZxgTjWMV/l1oAJbwUrKlco4UxgY8MHDyxTyoNhAQoWOvQyGXFm11HEKgvEiYi8uIHwT0YNaCpajrawm3JwpXFlSWPN724pX1CNUCFzVJLDAkIk3L8WIc4DeYQr2ppxcAhgeG6Rarj6clZMpUxETNmsmdnsPTv68EKljcgVPQN1MOBBwBECdQ3aGg9PbxGHegl49Fd9D8n7z/vRM6LJo18d1h/boH18CeNzyPWDQCSzy58uk8prQ8O0J7KizDHCTsDm94P0MV7ml24U3rDgqEOsKzrJyRdbnFXptYDqmfe7B6rODyqDFvHsD1pK+rLWP79FgWKSNEHo8S/Ncy1TDM4UEPiPw4PN4GMHRWuULKb3A2giVlHKxmARPc3aw7KOpiOOaqSq2KIYiOk8mMKQQegZizNnkwC0pmQK4bmQ3FTZ0lkvlDgNrrkOI9RoutFCdTYm2Hlbcw4qXiocV97DiNJw8rDiOYA8rXi4eVtzDintYca14WHEqHlbcw4o3YU9LK4HMNW+D3W2QEjXmgGrhv82zJEW7SLCzXWpfB3DsBw82fp/o3Y8cB/3hQNzXHYNsqc3TYaIOlpW92zIrhNpF/+J1lZr0W+m32nwV2Ovn7AMp42EZ6PXuaOuiGo+P7vHRPT66x0fXisdH9/jojxEfHeI6SdNpB5XO/rhIM4V/rsxTBGst1Z9bwFSH92B77xpZ/XHAp7sFbnLZPBN5XJpqpwXBsRHENE6OfjaNvoh/KAA+mGlMPbJFYLHaE0BFxLGlLao9DC8V1dsf1gaW8EfzVTKdjCr62/+S9d1G7f9bfj+vnf9rPbVzI8ZT9QWi/q0gg9CPXvA5jueBRCtVOgKr7M2psWsxvOU6ySmW15QY/DYt8DiKY0Q3qmSLGS7G4Jo2fQgPbrH0/LNgr9LfaKbj6wqeE2R9vBrTtHgWvJuRb5+mgl6foU3X+FeWY33CyDcDLKyZ5QVniCILQc40kGOcS2i5B0qkKwhlFEeBixRwtaAV5qkiwqWN7nW3QAhHkn+LWm2n0SwaK3+FM/aavcAsJ1rl2UZQ0HcxIc2eFDW2gIbqA61ZcETIulVw/0ZKz9LgWRq0ctYRzNmzNJSLZ2mo1udZGuy1eZYGz9JgKp6lwbM01IpnaTA/61ka6tc8S8PDhdr3LA2epaFUPEuD/YM9S4NnaahV5lkanMWzNLgb71kaPEuDZ2nwLA2epcGzNOjFszSUimdpqBXP0vDA8CWheJYGz9LQVLNnafAsDZaP9SwNnqWhXDxLg2dp8CwNnqWhXjxLgyyepcGzNHiWBs/SoBfP0nBLLA2QA8hz1NdJ1FCuVuYlXqbXAZzZpMKhczNEBQQsFVpqokw9k6HLb6yYNKKwbR9C0C4KnkQjzsw4r8pI54BrFuypPH82ZLapKRC7ciNvQoXjAvI5YheuZDnTbmdbZP6tdIjyVBqPnEoDvuQ3gFZhk6JgY3HN/WioesXuvI6SgkMGgcc8uMI3uBYySrMZYRsAf651L/OqZUfzGpbsac9r4nlNyklxntfE85p4XhPzLZDKD/LKf4EYtnUsh+Uapckn10JbdT4GwKSYsS8ccQiKGLaKSM+lJYgp9Ywx2V4UrQf1QNW4P+5DR+mEC3zrC+aTSC3JZBSDgGae+pDH04h16JCPfcerK82U6ctvZHJAfCNe2qPBgROCLRLRaKqaI2YcyItJ4aQkT5cBl7+PfRuB2xyno1/jaFJc3vQQXWm0mOg/ar3QC+Ji6JSrmODcvMkBeXnYtxaS2yNR66Ct2MM5oOQGPMk7yNOL4ppVMbiMshH8IfYrAav67y49A+WI1nkaNwRwqEDTMbOcrRlsoYA8FB7aDkngqnNweRiNaM3UiCvSirydQiGV8syG+Y9GR+gVaMwChzTBZj3XRN+ssh7NaNOsTCxtDrGPzwqFPSwHQA9oSHjPvMGU9kwbCRA+f5F84VmtrHdQcm1mdjAutwBHQxYDyK+AJEFMSE420aOZraSg9fSTvDZvWjeD5CBxE0TaH+x3IuGKDYDsRmva5n5p0qtRshtsBv8mGty4RVzGkzktXVOYrjHn1yDgdx0JPw/OF+fniEC+mFcggAHG9xps3TLpYiDu4MvUlr0hjVmIJvil0tBWeVx4SuAY/i5lJJBLWWnCiDU2Ig+cPkZcgmwb8CrfdeagKjB+dYvQilLlmlcEfDEcsHyeTiLkiFAf/VQw2WSQRMOUT/a1aTraoimo0JChzmRW6XNVzaQha5jKUYUHAjSgGJEkEHSix4aCnANa1tfCTQyhCgGR/Az495XdUbwPVzD5L8K1ZpPsm2yEXpAbff0v7bpRXl0zmpozjb4IP/03Oy+abm7j1KcyB6tSxsbEfz39EIV/bIc/fHz6IeR/PRM/bf309G995/WtZwN209MPe+Ff+W8fQvn3p/7HZ1s/ade2/tzkNWtrmHZn80IJy2PZtX+2sSSyjjjCJSYwwIaUa3InMNdzfcEuCZlF9q9p+y22POKphXbO0/hVi6fxs9fvafw8jZ+n8fM0fp7Gr8MHexq/WxKsp/AzydhT+HkKv6+Gwq++sRtvezBMf6XB9eQAUNgAAGJUNYmO5BUBDTpOyQVpaCta8qbplaTCCmbxl0ILme4Hx6C4whSP9WCny8U5jkrtSJgn43ygeU8G55P0fAAx7xTHA5pWmrNZOHi+/fzb7R92XoTcoMdBCcJkFu6zZT6Uo7I/NUXCInNfSuA9mJ/+xCJmT4voaRE9LaKnRfS0iLdKi2i4b5nt6RFsRvWtp9PO050T0rgBlQ1P7Ygil6CF9N2q953nxPScmJ4TU3/Wc2KuixMzEJEqDd0h4lnGWbqY5zyKRGq9JThU2vhxWRthDqBRmdcm2pNc2FGk+vjbzs/4OqtTzW07b+FPqX1h7Zk6z0zd0WI3KztWk6qpUdbqsHKrsAJpKNFtOBSiYDZWuKcqFNd0heLy29TkaDU+aU4dDchdudCUqh2VB4c0HrqQDl6BaU13aUD2ISrgQlXFZbcn//l+fpYesAohUAqJsN7P5Z8H6Ig4icnOyX7oBZTiAn8dg2FqZRID5XCS4TnCsA+jB+yHES5OTfGIJelIAkMwe59wPWMVFoL2PqjaFzZE5dRrVhQGt+SlgrKcp6qjq2oVlxSUtm4pKK1CSxrcU1C69J30SoHd6bY8VlDOKHMB3SrgvgDPCv9W14N6dNHzv7z4flXxtVGkVenEbWHSuEuLoyKY1bRvPa2Hj9VrzAgpgvMIAkgW8ybRvkRbP7hohpR9anxRIpdfpiHuPCdzETarZlP/8OVj3/A5rIYfepW2JniCR+o2QYNrK5zJipZCbkMwLHmx/JY288p80FCFs/rtBtuNI8e+a1Jx+0mhdBkumXDS8S0D8zbGTNFEG6DMRwK7kJp+RScnq3vUHGfpaDHkuT/SyVrddmHGUhyFsloKZxCw3FFimHbqwnXSzQ0CDwrvLSaTVZxLXf22UM5EPdqOEGnusOaVpub/5ZZfpw8YirZE7Ww/bxiMbaIfVeQjD0z8qEUvfurtfnym/fPj1k+ukMVWi6LbTQplaVepU+ANblQoZq5RVcJgE15XJykt3YJtcd/D27KqKF2eXSglQd6WC7dDUO4DjLJtlQLVxJXTyjFLt3I1x3o9s7nF6LIDC93h34XSGNXbGNHbnbXHHcnraG63wN0Gax6Uij1Lu79+XK+b+GwibXtU18x88kBuqbOa7HLLR/QFP812kF71kboAF/OwSENQ0dZq8NCqbWXxECf1u5KmdYYZL9R+JA14FxtIPxRpBocv7ZfFuXQCiJ7C3FHVbWjRO+UGPURrkyp3LbYZ9DDRi+JWQN2qdRpVUL2Vaq3czHf34B//3AjDcENDsguudjYQvio4JWfy3hAJPDd0GiGd/oQ7TfpsMSCYGhHQvqtnvG5wiKdgCLg0RMyabeiwRnQlv2FPTGuNys6jYT9aFJfASoInDwGKI5t7kk7itTZywuY4+x27g70wzOAF1hZniwn0dgjup1/QjApvZnoGqBil4RByn+kGJh+c89/IjVB/fphiAJ3+zfUK0ctVqXAcF3QtyemPa/Da6e+CPxfzkfhzLq9ThjV1wnicxWN8+8mCRjAXGMj7VNqz8TkDv1tN8KLCGFYJPg52g80CFbaOXb6vWrLWnpdtHIkWUudTHwcfPi4zPpdqrFNaK84+/ZvajVsF1NVqqNXqjEYjSJWttrn+In6H/DUu8sEFxHMkfxBfkPkWqXYZ2qZGNx/yHVqnJdCYL/PoBcxGNd9Rzp9pIYInz54YFwhtfhpFX/tOV3/ME0yRR7JB6+JCqKviR46dxCM1lxkEC7CrFjw22frWIv0cz7IY8CparpSm6Vevl23OsJcTgGin+lsPW4y+jnPDT2qEyivlf1hGeelBrnZdYvr/8DIefq49ZrrFNTmWGj3N8uDNGDHdI72Z8j3P9LOl/fodbgHov8+Bva72g+UVdK1eefkfloeND8ZF7d+2x21r1i1M9fadBWhZuCksN71N+waFqrFT4TqHX0fFSlXfqiYCfb/9fknm0bTFbsBuG42AFpYtJMl0ya7JmBqfTNtsPnJXoJ7LjT+uvqIsp+T/nCD01a3r+uf8PXaVP50IIHQhacdHbHBYYDqoNJ80+EaFupnxQHbrJypNY70NmetqqJD1kiLVdetWmvwtC7d6hl6r3K7j88s0/RzyYG97qwQLJYQn8+kJf+4G3377Db69iDI2X4/xN71W/NRyJFfLhlYFEc3nuRpQB3I/X10gMmQ4RK17V4sgrvQXF4r1ukNyMvIOfTNlibQ57Nob3675ZdrrKpFzlYS20+vbNaBMZapw3sUvbI/JxloTwiAsrWalC6MkGs/SnKn+eci3sx///A8Imv10cLT3y9t3p2dH+6ef9g4OTg5PT3d/3P2eDdR/lqpIZmxjZgcovS5Rx9Hb08P99yeHemW7P16Am6dcySJnz8uw4hCPZiFXf0I2IthCJOp8f8qqOzw+OdzfOzs8YK94ebL36c3e/q9Hbw8/vd17c/T2F+MrLpiiAM1EtJQfubHzmOmarOLD/ziWVRy/e/d690c4zv+zJxYxvhWfxgW/ef/1+9Ozw5NPTCrv3p/sH346PTyrPHSWztNJOr6BdvO7z94dv3v97pf/FO3rndD2f3rwitd78v7t2dEbVt3BK3mTsvAeQ2xwMr4s9lHDrjScNeETE8vL10e//Hr2af/Xw/1Xp6JNvI7fo6R4mWY6puk+NxPTb3sF/IbqfaX23/eOzl6+O/nt3ev3bw4PDs/Yz5/23709PTpgH0a/7p3Br28O356J92oDe8pG8EgflQN9SEOJZ1f6dVonjt8dQKcenh7v7R/KqwE5kV9macXriG5hAxOKouBQHNlyobG+dP3vM77q/dHBet+0SFQIaDJFSzgBOWY3/SyaDSFmC3yU/G89yF5bk3evdvo/9L8r13S8mEyOU7YC3+wGRxdvUxiTEDoj75okTOFny8hxlp6XXKwQXftLXMHlnWPDB3Ru/KN8CffA6hWSWnXoyO1UCFcui7ST/iC2V72S2vYqa8vSIh2mk93gbP/YWel2rdL6l7Ss7XtTE6dA8T7MG2uTWFCdpI7OtTZCxwU+KW4A4o0dOfTKkPL3OEuukkk8jg/Bp0LhWgGuXtqdbDOn7N9a+OMoSysk02Gw9/p16av5C0b1etkRai/naumL774rOaDw2vscttvyJZ6MBi3lmYxiUL9kX8SU289n6et0nL+bHUKalnyOAJXfgD5aGm+IAU2zcFBM5wO224fl8TVA3XA2DodxVuS1noZf9Yazrnk3m9xoLixHN+Bnvk1nJ2lalJ7AZwCKj42Li2RSGhnkRuM7EAdWly/SFe+3Jq27IsRfMraOHsdZko44tg1E2Yj7mHpPsWmakhJfXDBlBGDDBWyibNvnmH03ZHTgwaBfjsefRrBUrVxNSdPa0DtXa6Oha8gIocsxVxx4xsMAdnhNC4cfhTjLJzwIEEaYiPUeUfTh16xlj2Y5EpFwI4vhs/raY/38atj6RmnrQNb3DUjsyRegY/GtjcRwhD9uaBOEPmJykSfjGaiI4oZ28g+ElZlekmbjaMZPrlyoIQAoQ9JZKGQ4SdjYuhlO4va9x5u93o6rf3ND78Ejp/iI0Z0cjaasJvYnVwrMpoY3iwKjGX8nce7rGcSlD4xms7TQJVmVTjIDwYfDKIQY8lKTB6axubIVg7dcjoRS9vMG/5U8bEIUJ+h24CLiw/5qh/8PMnHgb8pOIklQ8/gYE+uB0yQgbjB0HF3k2zI2P5ajEL88TNKQt0Nc2JDwBmrrSmA+4SlY/Hb4P4uEaZSxZj/hzAFyHppsj+SB5A4pZbC0mK113j15nxKbhs4lr+6fsOPCIf/H++MD8Y9KlEbJJwPnlENc73NY8Gfx4+5AdECtqxexssfRlcoX97V0qEpaXa0vBWPEw+5GzR33lXWgcm6uqytVjY+jU8t+4a+sezXv9Lr6V6vycXRwxUP/lfVwHq9t5gLi0qPoUR7d8Mh6kju+TT0aTeaXrEsrvu2V+7VSX1+43h0RcI6+djjuLX1On7VqpxvCAB5ZzzfNYQj/WdckhroexywWEVKPrDNp8jQedbSQ0JW7tl7lklPY/tQdHIL0IFlzty9ltPkNkNQeqdnmSrb9kRpu+AfcoulGiIj1/IO03oTBweHrw6/IlNO6S1cz5tT79QHac1p17uMz7jR38armHa13vYXnvntxDTaeen96M8/D6mMRML/OLhZ1PpIe1nMGvroOXoclr97F3pj3wLp5leNivXu9Re+Wu/PubHpa59rMet6e92Cm8UoWvfo89ka9W+/ROzTr1Y++X71l72vre5WVdwtDgFf+yEcC/4pHOSAgH9Y+HGQa7Dq6X1bWtybhOjrb9syd2cBk8x/nqatlR2O+81p7G2t85F0us8Dr3f7/AXZhbEIgJwwA + components: H4sICOIXxGgAA2NvcmUtY29tcG9uZW50cy55YW1sAOz9+XbcRpYvCv/vp8BidR+R7swkKdmusvrUqY8lydU8ZclaEm3f05LaBDORJFqZQBaQSYrlz2vd17ivd5/k7ikGTIFADiRtI1Z3mUoAMceOPf52uIh/iLI8TpOnwfXxZx/jZPI0eBXOo3wRjqPP5tEynITL8OlnQTALL6JZjn8FwXi2ypdRNvo0/PinfBSnh4ssvY4nUfZUPRqGi5hfTZNlls6Gi1mYRE/VP2fwxjxMwssog7cSaBAewSfD/Ba+nn82HA4/C62+wd/Rp2WU4L/ykTSqO/wMmkznb6I8XWXj6Hk0jZN4CW8W+h8mSboM8Wc1iChbqk5gdXHy39F4ORyHw2mWzgv9OeS/o+w6Ti6H+KE9NhzMZZSMPq4uootVPJtwfdd6Yo9Gx38cPV53DmV2+LfxLMzzKB+Vv/4sX0RjrBj6pBqmZvJlFi6jy9unwY/RxVWafqRfb/hvfgX7EkfJ8lmaTONL9Rt8iuMdR+aHwkpJFUN5q/QS7Z/impoXFuHy6mlwyF1dqj7ojr+JruPoRtY+V80PcYOaPy9gafHfl1m6WjytzKbMm5prnII0i9W/h5VtKhuJf32Gk0w/z+J8+ffKo2/hV3q8mK2ycFZeHJ73qzRbvjJdgCbH/AC20GoWZsWv4FE+TheRdfom8Nu1NQnDIJxMaF+Hs9dZnGBv0tlqnugWJlE+zuLFknbdWTyPggn0D/+JrY6jYJxF/M90Wh1rEPx3niavaW1G6uSM1CdYXb4M54vP7J1wcqkWfnmLnYdP+IdJtMginHaYumW24h/5m+vjcLa4Cr/g2RhfRfNQrTFMQHLy+vSHJ28LPwfFkf3/h9ZesocRxHkQBrDXgNgso+DmKh5fwdonwUUUrPJoEixTnoIo4HOPvyzSWXoJO2P0mVXrc6v7Z1dQLQ4vuIlnM6wri+bpNXwcw0QmEU7m8ioKEqBQ8GgWhXhAdWVwrBewy/Xe42IRN+tX10Cx4NzwV/AiULkop5Zll0CPeDq5R9DrDIeRw9HWqw6TkV4gnRuVqn4LxxiqwX27mk3kNOJ4xullEv9T153jJGKjOMX5MqB9CDsyuA5nq2gADUxKNc/DW6gG2wxWiVUffZCX+/EyzSKodJo+Da6Wy0X+9PDwMl4qkj9O5/MVEPfbQ6K98cVqmWb54SS6jmaHeXw5DLPxVbyEtlZZdIjEhwaSENkfzSd/yOSSyAvN8uYFUgln03pARKHD8iCl4D3IVfEQzSrgTzh1b168PQtUT3ileFHMq5V5UeuDswnTE2X8HV5VVGeUTBYpLAb9g+l5kK8u5vESt8E/YKaXuHTlap/RtUgHZIGHd1J+4TSBd+bR7Bns6jteK1yVfIiL4LVa9mVffpmn13qgrsuGpcXHuJI4mfAgznD/L5FwlChncUrqzzoWYRVeExdUeta2rcrf8xbLItgEEVJ1OJBhMEvHcAhhUlZj3APhMrhKZxM1gmUYz/KaaqdpFhDfgfRDbc9n3FbAjeEr9KvcsJVamgdNqxLCIifRaTLNQu4drHbdiz6z0FhhgRyqjYC0CLen/R7u1mxO5LChfhyvzHZATKtqsXhD2IVuiGkczej056vFAu5+vB+m1IU0md3i33QyCzUrlk/fWQ0N6LWeBOEFXD3YzEvuVXAR4s2G7UjD0INoSbQGqMksHocVWsLFvW7SbNMj39WSatSW/ceKjlJp746Jf9cU0VFVOsUPJ8HFLXymZq9+eH5DxNJ0FztHDFexuncVAyCjqlytxdJAvcqFthMxY/59cq4CltMpd5IuJ5p6kKvGUYExgCMC5zycyI9Ij+Hc8LMBXzqtncdiGAkgPgk0BZdhPAn+99vvXh3+LZXjEo7hKs6ZtM6hqQFsYuDZgMsQqvsWn4yAW4uncIONpDaY93ePP7jnOQi+gZMcfQKWdQZ8iZw/fc+qDRjnsgdVzcDlwSCxw4t0IgO+oaEsw49QgQwF7vVZ/LGBkpmyhzeJ1e2fkQf+ZS/Yv7mCDgR7+M897o7mrPA3tadMt4imw8RfXuIJaGmWOAK8Sw8CmAQYe5JaVVEDuI7QtxgWYlLpJswu9LE4Jy1NwjUdfQoeI1NMcwazdzBi0pjfQj2fsMXxVQrcDVNEGO1VCLQsT6E3N9FsNmQiPglugMdJpy3tqSXErQxrFQKz6uJvS/PjdwirDGC5dDt/xCB2ohb3xmSVi+eMkYi3xRl7ZZ2FDWYMVTNZEoHEgpM2Scc5ztc4WizzQ7hPM1Q4HN6k2UfU7+BmH/Iuyg9Ji3D4B/rPtiaIlSNbniWq9P6nCnuRH25jphQ70P1ubp2vt0z4xuU2kCax1kDEZ+uWmIcTvkbC5PaezyyuxyrDnt0OlX4VGED8O4/h8obft7EAq3irxO/70+f3vz0P/wCj2sJBbhAri+XT0PR2OA8XQ/4qBGY3Htd+pTjk+nkf4sTVPmnpTr1orIqn3KWkqrgsZS1AymDlGv0u0pJa62eW5Nq03ifAka1gf89FG2K3NY8yVNThUgpHBDs/X6TJBG9+/aZWhIhG7/ZBSGtlOW1dSaxivKh9yVIP+8g9Xhvd/4xbfSRxLwlWiRa8J8HH6Fb4ZjgJ0GqaqVUNbV0YMLmo4rpwSYEg36IEiBYhUj0u03RG3DPVSquYRTAsIKhBmF3EyyzMbvVWQaYU+hLCm9BhRzP/WEXZbXgx4xpFnrnAfRCh0QO7fwXM7DydxNNb3IxCaVxUrUTR6gnaKkeLEhAqoP5mUjehRbbhqa7c89bh7rGSAHcHkA7RoMKuyWn6WVvMG6Sk0k+zyxBVyvSeMvX807WB9snWwssazWDaDvTawXmFrRIugQfgR3A1Y39El0J6dGP3c90kXDsZx7a6JXiy1t8NLS80Kn38lnNLyp4Oih4P6umh4NlcueNxJjyUOv6H5q6UOferyLlvJc49KHDuWHlzl4qbtZU2HofLrazxP1ddlTQPQEHjMTtuxYz/7HRVyNy9MsZzMlqUMN1mpLPy5c4VLx6z4q1w8Z+bXSpaHrCSxWOyncoV/wnuqFS5c4VK60y0sqvdlCjNCpR65Ymj+bjFZN2+SGXbc43ZXrG2w1ydFO2+ZIz4NVVbZv2qEb/Urq5aHM5qqlNG/hXwAtmMhFkX031W/2pARxl1M3mMYrOqNUbuba7ckGrqkx1shp4iT1Aaxng9B4RenunlmULp5Zlenunlmeb3e3mml2d6eaa+9PJML8/8WuUZHDPs1nUEGflU3rwQP1v+FW5z+Fnz+o1cOjB4S+akx2g6GauIBPycup27AjYaRKBCFxSHspGj8vNoMUtvkeVrYL87eSlbtfHYMaAIOyrPMU5GXggkeqjWxNU4CVhCMohCpfZs1J8aIBDzRrHC95S+LI+Ng2/IJpojixwWJDlmpup7WVqzxia1eAvTscqVo/q57Yl/3kQnfJyAae5dbHMXVxeqDL5I0mVEk4GxQ8WBBxLmwUyqHv/AWS9dLcQuv/z+7RltjyT+xyoywkEhGIqtoQkHLCmPBGcD0hmpxYqWCnW8VGXtXdTZz5NGtsq2Zl9vPT5vdliEiBDMrBepkPqKCZkVJ+dsqzIbyoxcjPnpcEC5+PmtB8FFmi4xwHPR5obczVPLqljNGVN887Oe5YI2RChWa/X6srDiEWVuXupgC3cVvlOExRnHYErXSZKqtxXbYErHKAdTukwKFt/IB1O2EwNhiqcroimecRENPfZcVSx3GSthyv1HTZhy36qqYrmnSApT7iGmwpS7jq4wZaM4C2v2uh709tgLU9Y94+vEY5jyABRlxdJ5jtujNUxZd47XieAw5X5iOUxZa0o94jtM2WRe14r5MOVeoj9M6Ty3nSJCTFl3hncdJWLKA1b9FUvnJWuNITFl3WVaI67ElHuJMDGl43x6RZ2Y0j3+xBR3JIopzTEpa3S7zeWiWLpumLI/gS3Zlp714q2uuhdve/G2F2978bYXb52z14u3vXj7MNjPXryV0ou3ztKLt5XSi7e9eFssWxVv3TAMpnTdKutCM3Qy5nPZDVKDu80uYp8XUIL1ese4d1M6bu11Tv/dASqYckfQCqbsAmTBlF3ALZjSiV61QTCY8qA35V1DNZhyJ6ANpvjCN5iyZSAHUzrsM89Xfa6/oXH3cb5VVJ06XvXoW1u/hsHYwiuvPm1B5vHExgizLKyyjI0f1z6o/MjU7GkwDWc59w9JangZFX5aXWiE6qfBz7989iuDfVcI7wqdfz2A980w3a21sdHd1W89HnuPx97jsf/e8djD6zCG+zeewXz8DU/OOmERlUq0ejy3iDaeXf6bzipQ5NlqEjFbG+GODGkjKq/rE650FpnvaqHsXn139uKpbDoFZkcajwkZ10hLzljm88WKWmCy/NjqTx1fw/WeTo07OdasnO7hT3u6ib4UftaEUNsGVchDZbbqvN3J0sNfXKNxCmMEqtOsdP3KXEATUB1MY7RD3W1zUmqlaB9WPvx6UmrZBz2zlrWYAiKsuoNLNF7VfN4m5urKz/AINXA4vix9oTLLrBRaYyBZkrhqWnt8sRgh8Ci33sZFa+aTT7WVSh2FSRrlyaMliJrw4QDWSqdXWdJ1ThO3Sj4m6U3SXO+rdAnk5K8p9FQfoNendjsM56/+BceSLc9PsglZe25twaDAWNStW6MkMA8/fRsll8hEPTn+qumlOFEvHTe8sgiXeH8/Df5r/104/OfR8OsP+++G8tfn6qeDv+y/HzmfH3x+CC/tvzsZ/qf89m6o//5p9OHzg79Yzw7+xckwOwRK4K/CDGZn0/2o6rHMmdb+NFZHdeLLNKF5h/xAFmaRSVEz8TrNoeZr4I1eRbCm8TXLlClczTX3rSk/IsGWtwZyE03D1Qxv66vwOgbuQW9h1UZzbScwZH7HjH0ehYnIzYU5UEwgcCMp8IAhZVSi+2+VMw5HkGBWi1kLaVctJ2rc3VsmUWXNpqNkNW8W7NSUNb6gVmu9reqSLIfF7VbzhlNwhLN/SjdN8ORxg9RYL1EWFNhIP0mLjXqUunBPdx+rdXHL84r0/ntPRfMfUThbXj27isYf63djpwhPqzaL9XlZfcidR0bJmr8antWUDkDFdp0PPasMHJfvkyuamcZrA9Vvt9853NqGcrBQ3L10BI4O/XSi/ppQu/cWu8/mlU/xfDUPgMzBScSbbKXf1KaXcDZLb1zXDBDoBDj3VQZVZjDZ82gSs7oAxVJcc6mC9sEymKfALO/Z3dozrbE2lDgeR4N7Smm6p1T3gVTV3M0CvYFVGKbZkCfZSvhXLRj6+HYJfNdqgaqldLXcBmpAtVaeJLZcRMvC8pDxCk9j9ZC6lJeplq7M+bYWGBejZPF6hYG+MTG5cMrTcYxcrauJqyxdXaL55hxt86PXco5Pn58rCcfxNWJyGb1ftCwKRywdzoHjNebAS+KzSThz64ENu19yk4UKJre21KO0hcG+ECmSckMl0h64m7GJPTUGtQL3hsqpbbUhC7froZhmtNlTK2F1za7VfM6sJW3g4yOUHFYO6QMLSFi36Qo40PyKou7jnJQIvAWgaRjkQJ8FVoRFn5CSx0v2pzvaCK3IIlRnrRHdXXKHVaqt5TlsOtly7WGRK5J9kCtIc8Yn2XneymdrBrQQpjJdsN5nwDtmCiKBEhhq2AIjfTraYgU3DjuJbpRu0tjRK87qfHNfwf+gGWxamB0RsBQAxTJ1tBta3WNObhYjxgMQWKSElvINpe4+D1ufh62uPARH6z4PW5+HzZQ+D1ufh63Pw9bnYevzsPV52Bq+0pL9M63X3oY8U1OtMTQaeLiSrYx4jgl0PwNB0CXXADdDaqOQUcaKJmHdNrlpFqxiFA47v1BG1dDRBPrToH73uzdwCkfRSI5iTa/ZPZglH9Ud04fGJpwYdd1mGzZ7Zb4tnw6YJtLRWFL/rXgYMmcp3rRL1ik5GzI8HAHgKU3MSOxGip+0NRlX8OZFFCXKqnoJslVTVnJphO0uqLxCWSwCmZUlQFF6KZ8f9+q75WIvh1PuSCc/dul7eZsMgAml6/Isw65/g/YlNwwelu/b7MJcPAyuqni7zi7b1JZcuvrWqiVUTi5Kk0dHXxZ0DqI2WhdJKqLdYu2I9kkLpyioq3s1WnuTcClIdXJQ+NTAYu4dX+1ZB586zv65+Bt3urWFwjY/Dq7QwHoRTfEuuohQ3Fin4/7r7PCyUKWwyMpFpEhS7nyH+rn2ti7B0IPqsXHFpdH2uZ2N+fT46Kjloq+3o3LRW+BNmFxuRflYrLFk7cnot7sw8tAx0jalOttOwYKT2wYcRw9Qn8IqlsJw9oqj3gNmIfwIzcGlOY4mxIUjf1cwhLkG+uJyFOy9ezL88sMebJgzDhrS3gb20JXzhBo6zQPqUF1beT88wP5jbAr+vyIXT+qWZR9udpfefv+iVBfZ1r6sqcq1mbUfUNUZQL/lc+qNK9D7d+/QS+ffhvyf9x+a3HU2x6eWAZ56ALF0MpMXKyx4S5toNfTWLaXMAZkjmzeljcHCLo52mt65hljZ3K5erPmBG9adODBdTC5bw3zpiPTSmwmKpTcT9GaC3kwQ9GaC3kzQmwmw9GaC3kzQWHozwZ2bCdy6lmbskDYhzIkT4il3eWKCFDyHOZhL+ylpba39UkN7NY7IZzV+SXQyLUlohExuknIAEEod0jvFckCdDQ3aLTVtzN2glTwAsbIsUK6dSdQHLqUrHsWWPa7vDgbljsBPdgF5sgugEw+i2QZqcs9b567BSu4EosQXmGTLcCSe2BmNL8B9DhP/Fs4MTGRD4EdhZYsfKIf+8VWYXKrwIH5FaUqb7AK5OlHsgi3fNtBglzjaTk/bk1n5b17t1msrS+3EajAwUn9eRiDzm4HZ+ojC7d4uafNdrMKrTVDuFCb/Ihx/xFbPf/45GKkce9TWL78M8bcMNibclb/80piJTZqwxzFRBzL6NI6iSR589QSXOAvHUH1eCguO53M+mV/+yXqJnfPhJUerlxFl/8JDnFCr6oLgPuer6TT+hJM2I7V88KVrCGem/8wq4J6M87naRLxS0xQ3LKk7ssuVI6Egl8+D88Ksnj+ldgrKJXG1bl9HrIyHBtWcqFGGswV0FLqSgSjF086WW3IdSG/g9A/85sCychwfPf5iMzvHpiYLtDA/B5Kq4GoajfN+R6+mOn0Cr9KbYJYWCcgskrBfJELzxZJTHmIsAL1F1mAdWCtMW0PTVymCgrCZ3nqbmebsI2xbPO4T6dwIVla7CcCyHXE3kEO51S+Rnm+KkTTRrFEOLgWb5BFarxvvFgaIIG6X+S65NgWwYQKEFoTymdAt1vepiM0zJ+Rfy06glcnCeGurbNWlxKQlcEWwlPN0lbAjFssOJi66sOT5IiLOPphkOq8g1twc0WmCxnnuoNmjARlEmXxLQ+Q1IfNKdQvJosi25Ja7NYvnsfBw7rV6VTNY4C1ZqGcJ5xx5g/Fyxq0Fw6FY/88f4ib4AfGv4JAu4XxsaS/UVLnhlrgJY7oeyIsFHlxTC038FeOFTKh9lIq9d4pUqzeL1LDBbrmHRcXgOySweQMUj/9aFmvaBI9HEd83xcBAH/HfliOi0eWIm9EB8Sb4yo6uMj1ROWEJuIfJuxWu+ijnWMWGbthfhbabncrgyhFvWsa1ZI6BwDwoRtJ47NE0Ykx/Ol3egIB7CMzXBP+gYYUY4BakiX1nNU6Ttce2Cltk6i5AFzWiEZU2ik7ZYksFTS51dSBFpfo8EYrsfmstd4NkEqNldK7A44AliC+v4HyvYFTwyxhWgVUXosOrH+i/N3SBtyl8hvdAOJmbTqjm4QDldBhqZu3k9Snjob1OJxzceDsIEOJvsprZP1prOAii5XjTJNWy2Qq9asJtcrNeDuwmM4ON0E1YvNJM+0A4VUbZlm56IygnQ1V8oZyw7ArOCctuIZ2Ki+lUoHhhOtGLfk6cDwzbCYuXvq0N4wlLlw3bFeupQMHce2drYE9Ytgv4hOX+QJ+49XsCfsLiAn/C0goAxS+1gEBh8QIraIUZbgGEMg05NKJOYChTQ7NTcxeAKN9++wNFYWn0KfRlx7fiS9jBj9DD5uXhP7i576DHLvTwGfQnq3flK3i/foL37SN4D/6Bd+wbeJd+gWv7BHocLrcvoP+56uoD+AD8/zxmx+335z87Xf397t7Xz3MyWnz8us1IZ9++O/fr8+KRPP35/Odml358D9iHz2Oynb57/hPc0Wfvzv31NjX1dfXRa+bz633zHM23paZuX6RyaFMNiplibYe5OinG3q9xVGuqtpBVqziqpXZ11eNGIHOl1iMxb0YuSC6m+6z+1YCOMnrU5TE6O6lai3rMmvrSoosATU0Fo228HgZsL8/08kyh9PJML8/08kzz+70808szvTxTX3p5ppdnfhvyzKsW5+zCkrk+dbhp14xfLKJNLtollr/pFnWzyG6XbL+9uA1X7FO/wXDZsSP23Tthb80Be+vO11tzvN6l07WPw3WrF4KTWjlIxQL9RtbLkCefFs6N+o1vSELaMSGJLD/XR9lY8W9q5+aFnGyN2VTYpeS1aljhDEmz4gmTZhNGWMJ/kE12w4xy1B1q1HJDo9HL2E28Y/16WdNh34GFCVgnk5x4hLui/nzvaKsqGSRM5wz/I8vclrptC4tSrPDFJ6BICMPPsILPrQ4CgX6h/B4Vll4eNR7oFiDKwhTRMExb6y04l7WXnYsfiI7k/K0/142jbA0at6p1nHkT8mjCfQsXUhs2oPFkQzdVCadri07f+n7D0gpWiqUwh6hZKhMF/I3nqG0QvgCdWNKFT9b4dZLAp4vC6mKXCsklvIbChVflO9S8nIeTyfkgOMeQSBD3zomngH/NgVE/p4tCB1X71N3mcaQKJdj2ek865vkudtvjVW9ASiyLVoQpLussKtZdPrRXm60oHU9M3Uu3tGaYxSWTiQIpMFdWi1ehxFyj/ozYxEOs47BL66hXTdIb3p02nCIdaQ6tlqhb9hM8BzoQJRPZcwtYafwXIxz7TDiyfygAwJnjffxUAv5J/XgU7EuVB9TAMNjn9g6Y/+HOdW1GnxP4QR2Tp6hOpUbFAdK/bovH/PK4GbvQ+sAfuxRLp41O6utd7XTWjRcytivg2rX2+ouYYDx/4Erkj28wrCrOjaWIAoEmE4ER8KUkgaGu+YhPlXA20CY1oLY2u60jhoE4c+YowmDsT5ex/Bix+luE2nARU0wBqrXy6+MR3VSW2QV9YOk3XN12CGIsF9E4xKqNk/aQgRauyNseQ0uG43SiM9zzxNX0w6s15jjGOq06XKCT1VjFwaS0cOQPv79KKDsW/k1WnwO/aXsTTQsquqvVxWiczi3N0zCPL/PD8nAPL2bpxeHkKDp6Eh5/8Rj+GE8mX37x9fGXXz+Jvv7iOIqOJ19dfDn5+nhyEX51uPh4eTjOJofkQP8Tqc1Hl+kfvj0++mr47fGxzwEs6JoU2MRQfPKHNObcmbzPlGu1w3d6ROkI9cfULl34PyztgATFss5a2e2ooMm/pQX9mIWqMQ5n45W4NMiK+i0ilpMiE2E069dhFiOkSiHyakSmQ/MIl/RiFc+W8Ez/6t847yJLASXA5hI0KB4AbD/+Pycvv8U9RrSx0yBLqp5mROzSZ90uYyydLmQsas52vZlUO2oz6X8XI7M67p0fVC0qqlWfT7/dg3Shsn3WWNXHX7piiQof7XxNvXDRuPjgymMZAiVsfQUZ/ZaXvLvmhx9vqnRhyGNR+oQOehH1ib6s0kQZALWiUl9ZLeOuKEfcW8z/QvDFTa6MznyIySxJ22+GhWyUft5+GjoKGZ1OQIe9344Ui6UwC/hJ/fjxSaeR+1CAXY2cVGdvxF7twUQU5qD4sWz7wmwgGJ0H3aHzgR5GSwWZZpSc7VPZjQkaO/Pdt47Z+96y26mZGhu9T10uPhiG5cJcCPt8oQ7TpFUpdAB5nXCWp5Un3hdWHW7//oS0GARKxwpTOhbUmKYCnoITb9oLkIWisC1NCpaiNVhsLGssaG091QXznKe6ZS22sJvZkPV5DhJKeosGTrI27XJ/17fYutO1v/HL2u8jzMTt2QOeXfTWgI02qvTHk5XvKkKJQ5Xvy1UUu3pKeRuMcfzetUo3/PldL9OEXdbiUenD7nwqls7yh3TSk9urNtXG+ZXf9+KLuVO0FV/D6b2rY6jb6nwA9ZcbHz2sqT90hdIfunJTOzp03i/7ya1Di39peRE5npZXinyyh0zaMo72MQxt07vjLSWpNr7i0R+f3dC29vZxbaiicKKtf3AAztVqHiZDhAYhnY793OGjzyEALsWxH7Slx+FrPWhRgj2fnDYmbfK9H3RFPDM+qlf0PxbPFKNvkHqaid3p8g60rmdKT6JdNKRfKj5GD07pXclcfI52i/NBQBadmziPlNdiY0OIlhfnbUOeBi/s6UUrUq6S2tZ3c8GwYwgU47HJmon+VvaYuDttvMWU25T2WbEg5FoMMdt2y/JhJWBhx+jerXS++QtlPPQGMWquwhwAPQ9J672hHcDGDJeHKLHSgp8twltz5skYeDEC4s8cdZ++ypdNs8Yz45y7wqypitsdDO9pziSdnzuHXUdcfG++rYtMoTqqD7VJpbAIYw74IzedPDf5QowVvhWJa2XdC6zsw+jEch5RbQUsgSa6FVXFbB16kz1Lk2l86eqZF79FNry1tn3ly21te1VxUMxF0vz1Pez91rl1helVBDgvO/8d3aQuBnxIva154JyOAhNd5aKb+Wd9Wazjj19m2PKS+VN7y+DBH9NhWtWH84q/rFKfqh3JqmBW7EtcD7zZSKr9/Okb6JjtZq+Nu8apVluN9aBqaykM1Dms1tG08ybuzE7+5LsxuxM5WrYbp08ryU7I5cVgJHPuI+DMruJLdJqZYWShTojTWG9YuyiNYMAIPY/3AUYElUGBJ/oJJwbOg8tUsAAuInGv1euVAF217ZDBa0wDTaML/q+XerIS8sd4S25lePHmypVtE17TK4fSA7nyO+VSqsuJozMhtehcmrMkOT+0MyiZPEkb3+dtaYoeyOrcdbqi2oRFXsKIx6zvhhloI213Jlm3qeR81137HRqo+rg4VNs7sU3KJv0W+41ovA5dD7nX3lylM5Xoj73um5Vl6WLIdF8gSYr8ubjncga/KEdCzT6keIBbxzuwTNgXRdRfxIK3G3Aukctiyt97rZC4GttckfzkufF8bgp4Izl5ffrDk7fOjlU610I2StU2DMJiiK7jMPiOPwqun7hlRFnjM1MXkad8dYEurDI58kQYJGeFf9cuyMGzN8+dRMbXZtSddne3vdW1YR3Z4lQLkSaEHqTj+0y+KRrjJrxVqES5h6MEpwZ4Fgo4jXgOI4UgDPfcK322qeikbhiISrFariSBAAY7I0Q0Rd6Yt3xbsJi4FVoYX4uf+ffsZv6NUAigP7xb4aLJ2+MGVMwAcISrjLon8rDYA5BdWKQ5AY219XRLbvAwXd81qu5V6bzNsNLCvlJpXtTZJQWpVgaEl5jpYEkJZtRZhJNJM5srOu0Rxojl97Z+ye0O1g8rXWP9SCueBXNkrvt17LSOYmrZ9koqqH8RsIu5mDx5AlMMGRcKrrJCcSDPXc1Uq8217tUuttfWiaCZo/xSflNn8fNfHH3d5h/RwSfC2w/CJ4y46+bCOtXOUnl6ru3UFXe8wTy9VrYWQNbFn8TXi0RgFDstlXwjqhD1LwYq7bBJtzQvmvd6GX6K5zvYdaX6qyKnegBj1y9vgUeNk2V0ibAKWQAb/6IJ6tQUf2dYM6Y42e2ccf01cyYPfj1zNsW8LVu/MLlWOUpGulS/M6UdBcJ/yM8sFcWXSepUbqjyDcVgKYqp0SB0ZQvW+uYRzMS+0FBBzCsEEA/hX3RIMw2EexM9QlRhwsRDPwVYx+TyoLVHzsDfpkY59Bc4uyX8jYG95olhpw5lUKPLZnW7Kq27SWbf/7JtSFhjvbuDq7Y7mIrHvqRKrWMrOioGZu3EUjvmt2fN64q+5re8pKpebf0KPyn8NGtZ1+KeNllfoatIur9qzonNhc+EEPm2SZSDtv1Z5IobplHZHrY4jX5kaGfzuDv1YKFyaz6JMzCpgyPEarU1g4zVr79LfMCiVdmSanBns70LdmxuGFR7hvnUV1imDlsX/TzL7DFSacx6N6iYY1hWg6mOieFBYAdCQE8G2Hj0j1WItnL1nWgMpNq1+4LktrUreMLIz9L0ac1ebJ9D3dFOi5PdXDJSr95rcDp/u5eM5ua2P4ulS6Y4jb+1SyZOdnjJ2JVb8/n7vWR2I/PPjURvz/CWLxnTiN8lc0lplD2uGa547d50u2bsXq3Zj1/LRQMC1LZ3GkWTtBmL8KWKwahgIeoFz1JJk2j7tj2qdA3bXlSMfOlte/7rqDKmb3klVdoBIfAZHP1PCo68zJDwos79sOa2r4drB8nZhSLOP1q789TXec8UVHJ3zJmoivz8Yer8Z/pTWyq+SGFd906NqyQf2pr9I5hCbV6TqmxpM3naUR8MFJQzBKWu3nYzLL235YVXi0ChT/h3Z/P4D7ZxHbbGU50lkEY00Jk5hBEcKOYeeE4xqbU14uMnMPRDNxh6gSYM/VZ56MXcUhgTDbn1NT+MIu99uErif6yinahwrKqLdlu2CbEkLIjgEnfMn9yVMsffZlsgzbCgwzQb8uRue9KaW6ryvrGAcMKA2y3pjL5bFKFDbRc+FccgLYGiQ8Z8sWyHDtEzriDe0bcdfwsxDVU8k/Sg6JiH4A9RNo+B/WtHqYPFNGmELObd/Ch8JOzb1sqOD/wcDqkMO0ilpU88gV0eH/j5r0rd/l1fq/Odu09fjEaj4J9RlirHyd2ctSY2aJenrqFNlVtN4rYV2yNZa0Vc8YTPMcmXrDxjShjVlRnvfzxf0ynBKUmzmuGc3bZzqZhYbEH0USJFLDmA8barbulhVgwL8QgJUWXNtTacc7f1bapE3rqgcFT0WmnXMUxt9j1bUUxuhvQq0aGpL76F6cQt0oo5gWUWJper8LL1SvNkXQvj/kF39c1K+4FeSPCteuRxmHGc7mF6D6Mr0phHzurG4XtDtulGEFAez3aylDR1JA0u+MlylSUqDaJoUtVGmGJmd18QstOl5mYwTzkmygOpUKUYugr2MaeJ5N8j3keFhB4EFA2ooR5m6djK6gMUoHGfG1SDwjEVDP0pBVKzhyUcAk26fAcUjYA/oGmxpgQaGH/MGchII9zBfUy5UKPgfJqm55yVXqwg59Dp5ctwcT4wU09rMlb4R5T+IQ3OR/LmCOvwnfRpec2kg8ublI5+zotCuTWYyTS9zdu6JLyTMCBY3VOeFe7rt/CDd0eB2qeRABmxAx071KkchZQ8psNek0o0r6VzQUG/m9feeNqNMIMGv/VOcmNd6Z7BdjIBYx/2HVldNcwGPRwvZ4cIiIYb/vCAPHrnKjmsN9CuPSHEQ9JpiQtz55eKCgv6LvLQKZ5VQAk4jbmIJ+GskHYT1Trn7x7JI0zE/OjDuTWtmoBghZ0OEzmHF87K6MkX/3KOkaNRmAlLQbviXO8vv2ODr757JBVCd7161Tnz0Brohx35yzncO3Dd7BTIk5so3wnq50mcL2bhrboRKrcBhWSql+0EJuKXTFey2l+eXaLEjRdZFH4s1a8NUVJh4U1/EkkpdgaFYULP93BA0HFkA54GP2PHf9nrtJ/3zIX3/Ztv+W7DRq5SpbtX4usIf9r7le/KF5ovuoP9aRqDesYz4MqRvyuxZ6QPKODx1XAwCCCulp0+oF1bZHvwJ9y4nTietzGiSVX7C5WpXCFhuQeU1bgmfYufhUYV2NMXKWw2NSxkeKr9QElGzjjCpoc0xAFD5FTfViHxHE097cZKYxH6AH2rVg7/Xc2WQuGzVYJ5h4Ioy9Js0LZkqDyR5FmeHQl1kES1I3xz3SAsGFGFhv4W9pRSCWltrbbW0YknTVy+CMfIUFnKJc/eMqaGupAtAicr1TI9tGyEuG9nGes0BWsfTMqcNoZx8zRh2JdKLGXhcIq1E/bevwc6MeIknio0T20OxSNJpMm3Ry/8Yq9U2fukJZQZ9RmdR9D7eH/v33jJ9vNoNh3BTwf/tnfQmVw7gFtL3+yYXsP2yf2JNMexBmQIJPi804T22w5pPHfQ5E4PFby4ie6s2fLyVYWGC9kn0LqMKXpIfAkwhkyVtM7YVnH47jJkSEyAjon+4e6IXWevMn17A/tHYMMv4skkSoo/vxHuqfjr89VihmlCI292BLFQFESsihmWVIo1PfOt9QRO9HRFGTjCycQasuZ7xqhf46yG41lMzCTNPy4jJ0rWunqCMpMoLFWPAQFekkMXEa5Kf/2665t3F3W46+11+zu9np2/VEve+UO9K3ZCMla+dLRw4veIayqJEhaD1o42aYoGNJa7l3YVMHyj90nWkOzyMk0vZ9HhOJoNkct+n5y14HeaQnIKusY4dE9Ro+rJV0qoV1CNqKPBOd425/qq9KyzXlEJI7lIV4keCA/Ls0rOaPc+ObVEuMLUGP8G5Hg8azUaUebxmFNAh5CCGn7aCrpqiuVkwVwMo4fh7L1PEF6IpnREz3w1U2EyUQpR2sRjnamPVGkwAVQx8Dr7pvKDc5oubxavfVJrjRGe9bNqlfSNB0VvWI5WWbxPCAVIL4DvvlAz+g7q+Ht0++F8QDpN4VYx+U1prrpUzHVSqhA6B5w6aqYdyTvtjJpBUit4TIC3yFJ2cZquknGXA5yv0FyVy76C3u2PRiNZ/Jpl9d0PqfYA4KMBu5gyCaklY5XfhmsWf1BzisLBrTUN7xM9D1vYxvB3CPL5QNEzRYr8J4MJFlaiSZGw9vnT98mQG+08wwrLkA9Z/jT4+T1dV+/3ngbv92hB4Q5ZpAnO/LtHP8aTy2j56MNokcVpFnt4AHD5n8D3v9/7pdRP7oEKGRejtHeGlmpP2YeIdiD9OZAz/r/+7FnlUfA//od8gz0+OmjqcyfhlfOl1/Q3X4bZMv8RCNv+I7xCH3F77xNxO/Ssn/BTlV2arLFjYD3TOSoUJBsgbngfM7bv9cp6douMQKNARd4n5rbN2TTtfWGPZ6uJbGWNQ0A3jg2rqbU1OFLPquFUyxWi/LrpKvGZDjhjvtLad9yEdWnrJIrqx1vpgP8ks9fk+z0lEiC/+n5vFJxUf/Sv1HIO0M4FIU48ctInyjzYgYdJUvHpATq6xU0mtgv0OJK+KYcwM7MCILCVadWNKIYDW+lA9ethCDUuY6lR34qla+8TyluudxJn0dJeT9k8OH8XDv95MvzPn0bDww/y99Hwa/rn5958XuE2he1/UuFHVdsuINFiAVkoRMoJFafZRHCii95a4k1x5SkqBtJJ43ti6A5RkEc//fRI2vXdbtAn+Iqs0kDpoTKogqoa6ZrknUm65GeeNT8aVmoI8ytV/aH90LfGn37KZ6aO18WVYYW/RLbMPdIaq8Kc4JsXb1+8+eHFcwQ2voEFk+5J13+WX3+Btrsoh+Qz1gTBfl4GcBbobO8N4C+Ks4M/PWt8v5esZjP+NE74v2HO/yXFMP8JPHi+7FIrMu1xojoVcZ+we2kmfwhP2KXSeApvqyHHc9SMcWWzSP2RposuNS7C8cfwUvpGi46adf4na/zglijwh75VB8LsCBGAoxkWD/6k2OL6zNpPP+lqfvop+F8B84dAgrvoJpzd/DTEnzbp4yd1VLGinfQxiyZwTqGZTbqpKikQr4nubwfp5RxrPgei8TEi+5y6Yc7T2eRtQREDV6//hQubfhaPY6RH4fvkfJmFSR5rHTNKiu+Tv94qpazvOWjqWG4sLMrXmKUuaudMN+6rh6e76UJ3jy9Jzv/OdhoYx/evn5+cvfDW7JPaPVcJOd4n+cd4sWCTImo8FNfLjhzebBipm6coVo4622U8EBzlm53aZXzjk5BVw4Vpfa1D4spdIB+WvFhR1h2CyD1E1On2iBSPEVar565BI84vPw3b8p2o0t1d2i8DCpuBbXR6EjoKLtMekfIbZEtpq72Lu6pnphH9+hq46Fw62izWsT3eUSYSVdbOSKJK98wkqnRKa9ueqUSVB726d5/JRJV1M5qo0mG1PF/1eK3tRhqWczw0vNfS1FpZzIb6s9qHjXqR3WQ/kwzk6+Q+k0+tMAW8N/hXONXo/sDIv8AScRKruv1yyhCnwDXNcHeJiRI/Z6jlYgo1nXmXrOp1s1TugjDDjT1w3xfivfE8WszSW7Jk1G8pvzNdrY3HrrTp8hxTdckLnF694Vg3TgKWMJB8IvZs1B9YZ6iKL7V6WR4bZSwLSJeYs8egnUWZlZj1vSytWWOT5GWD6qNowvCyLF3YGdPON0kvQ3O/raQyVBl8Adcd+QWpuGtr4NqnUfRjMn63aEWOKOQB//L7t2cm5NbwZfZ8yA2QcMo3cVRz3/iVDH6y7+gmSsJLmPzK2nvm0XQH628zh6x4Wj1P52Hsn3y0ZUkLlSq+Wfl0TfhXtlPT9JjkTGPxCYpbguBfaqgUmOyPbFLGCr+xG86JISDuDUVbe+d4oSxYYBoiv/L2wGSyGXkCIQlWmSBZJSKbYXSm0jmq4weV1BOCB7cjZFH+Iwpny6tnaOT33hbVT60smS8rD917SGHjd582X0kHpvf75Ir6c9vG0HoFJneLSO4UirwGfqkeWyl9lMIyVcATGC2h3tQnUmLc2xnZk+Q2mK4yChvLonk0iTUiDKmTVLA8KoPgzGKcxJ7duT3TJrPR5AXW2uwev5xme1pWkgo7Yc8UAQ7aEWfwNnqLhu7V4iyeR+lqB0ht5RZUNDaKotGysITkVI8npePhwoL3VUop8DJzOq2tQAGPxezXr/AujvPkEfQpz9NxHPrAGyyvsnR1iZT6/C0GxrxmH+Ds9Pm5Cs9srQONLpOVxPsRAIbEcOgsrujYEWbGr4/xAol99FG/CeF+hAEL0yzUCgLya73FmWIhmKY8X4bzRbBP+k0JKAmv4epB2a8dyR8aS5Nlls6C17MwiahJqDucgeQ52XJLsqx3MyzTmNaR0YVeqL99rZ+zZpo2/PER3m0YueoFM3mbroCXyK+IkY5zUszxNoFuwLAH+gTxjR590qp8+OLIL9rfg15bhPBMePvtY1RVmmCZSXOv7Nxj02QlZ7RWLm765I9LOCqFvSNPM69zWz6jM6C7aGVYsEppwPtsGmP6eXaNq9Iycj/MUA5uR/lgFjInZeyN8n6YZumcQZ3UVBkenzb7FfwPilfTwnxpd0qmjR4W7dDqKoumsxjFPCDjlGwUalTywsnr062qbHVOah/dXGG3Uf4UyU4iQ5bp8YoU6qTl6wSDsI5C8HTKnc/ENSMMFnE0joqYbZKMW36EccZZpIG6iGB08ImTkAYVsCqQFISDcPi3VHa/BE0BCVyS4+dAO5rCIFHn9RafjEBwjKdAKEdSG6zKu8cf/BTHGPctmaUGKhZMxmtoQsyBW4Gu34jDi1TnyqUBLcOPEUcRMrGcxR89Awb2KADWDOFnFMN/2Qv22deJTO573CkdwmnnXjadY/inLL4EdtrTR44caK5hig/QJoNAMKlVITUT5xbeS7mzMN/Q0+L8eDXM4fuPNWsC83kgiDb5LdT2iUjgVZpHguUFIyeUhjzFMP1oNhsqD7abECikn5lbLa2Y5IFx7Ahv2fEAf4Rh7urs/h3qXocCBcFLhblQCBoZSUomuHfmK+Cxbg+JOiMYQZrlhxM0nh3m8eUwzIDCLyO63jBH0hDewy1Enp/zyR9I4TrEofs4YHWaT1dycrusM5+vrDO18XzWQGHALGE0WH6IKpHrOLo5RKUdjHqIh2YobtiH5Bpz+Af6zy6mj9xudjmH1MBDmUgKOz7c9jwq7+p1eQjP2XyrAHRK7SEtZHsGR+bb99U8nPCFFiYewNVYdkwNcLUoOnR8OxR2bwj845DEaWAs4PdtL88q3hnR/f70+UPZ2od/gHFumUR0MLMWNEPo1yLWwWU6j8fOb7XW5JkSqHcAMVppwmAIGEuZsE/qDeKfJjCgDMTodrkP+DPGzmSzC4lsrCJCS5LqASO2WK2gBg5O1YWC9mv3Xp+ll/E4nAXfvYGTjaFsfLxrRhCTNoElQ9Up05OWhtbBmvM6Nt9XVsMOiQ1ZU2ZpV1REAXPSHP1HOhEQDD2aM9wq2QuVJmwUBD8qwAj2wTRNIlLDRWRg7i5BDvVxEkQJZZULcFOAaS5ZYSKdDSQWqWWH+GgYOriScKfWiFaW0ZS31UDBrJ4hAqxXtSBfcfYUiefxo5G7xn1Y+imhuayH3KAWXuUnV1pYDmHibaDQAUiOpJ1m7SPf+Q2nSwJzYC4g2nCDcSnIxHLsdKjs3vHVnkVYTP4FdrmlAXi2Uzgux8EV8DYwH1O8IS8iFM3WH0TXHeEBi86lsB2U1b1IuB7AHu/iQ+u5ZENvyssmunYLx/265eoN9SZM2pHk1mY8qPaSLTGj3+7OhEiHVdst6yyHBctgbhsGW/sR50oZVhjaXnEG9oD9oYgCuO7H0YSkFORtCybX9kG/QDS5d0+GX37Yg21GWqJ5FCqWzZ4G5RyhpoHmBLXm7UdiPyR0AHRfxf9XBOpJ3XLtA3/SbuXZvyjVSBbdL2sqbD8Iu0gBrRL5BP/1/t27o+HXH/5tyP95/+FftmPd8Trs0OM3aGF7GyEt3ZqvVKnacuI4czJyeQHvJZVvKIluYOMoFxtl1GDttbPVCzEXuje1bbY7CvZV/dq1x1yA2qiIBzRPUcWct0XgkFIA+uDeoffvsmNlhHNuaz9HEWDqoS9vlxm6Jjt9VAq7qPiZ8h8YXwH5Us6A/Io6Lu7rJVeoiWzNlRo6+bb5svvLHVlLtd1P+SMVjIGCm4WH5TJKCFbYTJNW/FUG7K1iF6wu0e4TICQdiymszEU4/kiotj//HIyUMy41+8svQ/yt4hs7WspOfWW9BbfVJJ3DvxodOwvdsYc/UR7ziJ0fAdH46kkBHVj1ljC74vmcfSy+/JP1EjsMwEutbV9GBH2IvvYJtS1MufQ/X02nMWEgS+rWL9uHc2bGgqOYR7jR43xuwOaK4dlhdrlyeCzb5fPgvLAm50+ptYKtqoNHoaqSBwuVnahxh7MFdFpwoBXoJE4Nidxw7c8QabLLrGA77q1TM5jqFlcfBPuKTpK5TP08El/3alP5uw80ZQcdctB5wCluPwmd132OAuJz4CvJ3aJd5u5Cnmqq1lTqKr0JZqnQIsuzgCFAl7jrl+w0jm4V9BYJcDpjpCyoswMIVJyL9G19w6r3DOGwkDBOpIsj2LRaBwDb5og7g2FPt/olsoXiDYu+Hv5sw/GRYlweumeu196ilc3CeCc7xqpXZyxLl+HMys9M3oF6K5S3D5zjhPyiJ1gVTxLW7J56csST0GGVkSk4GpDswvMpzZFKRdaFWhBaTw6NIPBR52bxPJbYPJ8Vf1UzcAUrK04+5wLKz20Gw6GI+m7MkF/RhvohncE18TxaQhM72Fc11W+4vW7CmLMxoIoMHlxTC27xcEnYxhPqRTQZ+e86qVxvPKlh45334LcGw69Gef439H7b1o4o1mrpfqyQZNvalCroK5YXBNcTx64ulTdFv9MWF0LLfdAO8SIofmqMnRILXnq2A57pj4ocSueL1VJAho3f9CORLp2dsb8NbVuCivZhZ0lEAM1kYqQjwLtlESKlKLHCmCVUOo48nS5vwiw6BJ56gn/Q4BDfWMeuSF9bpqySAraoQSflEY6cR0MJiI8v4Jg8thbS50ScTs1Gt6I8BKxNmSNLG4hoQA2X2Xo+3DYEcqXjJvlURnm55ULiMTU3rnF6mA4LJ0n6/cZu1hhoiX6yir2FazWu+Jb5MNVbP2QXX2kkuESnQWeN/oY23d6ZlwmhuzWp0IDl/mcdJhYHdSINzrhY2P6PcuttXHMfK8ppxayMqYkwjoGSBZVkXI1LvfI39b1Kl0Ck/4opGiwHX7tFOnPGZD4R9+on2YS89m5telGgdmFeWnAPX3hbu3q85cS/RsW6j8hsqF3dfzeUvz5XPx38Zf/9yPn84PNDeGn/3cnwP+W3d0P990+jD58f/MV6dtCmvu1kV4J7OUTEz11sc1V3xepM276UaDAuUSqfvVbOMRy8ThED6DoaBK+iS87ChgqZlPOP+lRJbgTyPptEFbt1EV2F1zHaM9UBUa351HuCKcHpbTMtlpmjMD3KkZqvSvSPyFb6quQEawlqV2feN5XqQ6JmpXsfCMpt4074IdUP9dR6vKpWenunws/SOizuZzcb72cXNTZRD5V5mzl0PYQi/1GtA1GUd1Xgt9AZVZ/2yTCclH4kOm1K4raYof+qzotnhV23uLZTCE3SduHcv4jky+RYZtUdxmOpm1yg29SKpFZwEQy1s8WUgetRJWhXo9Mg6twa6XgM1HqyypS0MYun0fh2PNNqXtgvIJyHsF1kqt9Gy63iR+GJTr6ZxZdXXq5J3lmfu6d87pzveR0nKWu4xtmStbdz1DjATT/lp9Yu0et1hckQk0CuIkb6i+dtcp4qb+x4NRTuuLq8JDXCCptsdWSzlwQ30CXGChnwIfVqNJ3hRWhtnmB/la9AWr3VUB2y/5ChRcWL2aYHyLJQCLH4MxCJ4kH4Dpq57dNEzHWzYB8Vzripo2RZOGjY4KDWOwXdF2Y34a2fi5dAxFOIrgwN8esRzuImsQ8huYKo1ph2ejXw0tpDQj8FMxqYkPgTNKus+yhCQ3tjGKpXnmIsKm+Wlf0uzlUDj4/+dVDeK5YWhY0LuXb2gNd9g5OY2FB8G11D8Tj0nQ87v1HJKYh0dwKPByyp8WChJAQsVqnW2j1asDBjxylLiFE0M4HRzKTfaTNxq7IRvkAHXzJcHaj0+8VkF9HFduU6Xxv/GKz4V9gi0xhdCLJwno+C1zrv4AzBA1qbqNzyyl+BxKQ/B2/sLmzzcuL9/DqF/eEh/613I9htFHwOFvwTCfawTZuMrkGMlCye3grwk7Hx0QFGooPkxzuBZEVk3HtDhudBsPcquonyJaYj+w6oum/OUhIYk9Ro4zFLGoLIFqXH5/Y8AF22KIzkzPRozTfP1zDgQXm9ysP2epXnxePVTqwGMA1vV5lf5t/fAINEY9UOaxUIGk3EbTw3hPybrFAFHl7AvRr4JgdSV061eu/TYqQYzNtzkaczTGAtFe5Hn54GXx6Ur2LfW1F1z1xcWN/x0b+2+kpwIUkLeycgyUfoGfsSvU+NZx3ax/xqOykNjuqejVfsGkRGVWuIeLXiLcv3gF8LBRP/FviVJ4pfQfHU5lnUrgG+zC9WfLUIyKEJWU9xqq276Ti1jYTsa6UR2UO9mjH7EMGwUYrDnuvln6S0kux+FRw/If5K7RLP8yXbO/iO3JFn1uaiEHOKBPooIBvVafNqRE8tTpv4aw+AOOdK0sR5IRtxzbHOVkniC6gQWnZaS4xdaWZEcaKlqep0yjdk0wRhSx+43wkVL5GYDrR8ZX1ZWdRdk+W1DlNXsrw+IZ14x5M1kX59u3oS/YKz9jZJMpKejUgyydNQ4x/rj7YPvfZqh2m6EMwCOQ4VPNZgS6PRtJJ9UJnzF/YdaWn1KjNk1VPMtq+kupNoudwvOW137AfGEDRSYA4laVimhyQo+0TEdfYnl3A5o3kfYe5kWlxLyirIsHTxf5ewSOTn1qzEKJjxTuKwj8Q0LFbZ+rbqudeybMfr1icaoMvKLQtAaZj5dxaIB5F4arBxogi5rb5i9xWNaNfC7DdFC+QmUJwb80aj5uKr6bhI0yWaHhbb3vq64qJ3i/m5irFmObC0Vq+R0c08q7l56UlcuiiDMM/0jtglqFoh8rFhtQzNV0ps6ad5J29X9jWzgPjaP+wWcN8VTw7LNjHlsHTkaDtiy1V67B0Qfx8Yc1geCs4cloeDNYflXvHmsNwb5hyW+8Gdw7IF7Dmava4H3ReDDsu6Z3x9LDosDwqPDkvnOfbFpcOy7hyvj0+H5T4x6rCsNaXeWHVYNpnXDTDrsNwjbh2WznO7Bn4dlnVn+G5w7LD8KrDssHReMk9MOyzrLtPa2HZY7hHfDss6uD++yd82wbrzh+TBhF5tzIR3t4sY5NsWaksI5wXJtvSsF2911b1424u3vXjbi7e9eOucvV687cXbh8F+9uKtlF68dZZevK2UXrztxdti2ap4qzKmbVuw1ZnYlLeW+nfI7tqKX6yaq9FbwcLV0CDanXD/uJws0f9P8GLivNCpeZRdKhg4ZlbtjIP6TZPBSyGPbVFKDpMkFTAYLz8+DX7yuqPUeQdOetZYSDxPglWilRcTSpbLMoiVHFdh8AmxZzFhDszyhacvVbREiV0jnyxTCn5MuX7aSYgPFkcYmJ5dxMsszG712hK8z61K4+nV4D9WUXbL7kxQt0iOF5InOrtWeJXzdBJPbylKkunUWokt6gnjChoaXgLBg3vHTPm2KdksvIhmv/5NycNgdRHuOwS+YcxJDMw2mRHq07mn2SXI8/+MJEf3MrpMM/inV8v7+TiV3AuMC32g9wJQslvBe1eQ0TnHDlLomB3Ji5gcnqdvQpnd47FvrEHXzcZTud195vmqz8U4NI5AzreKSlXHqx59a+vXkHPMNz5tSYvZ2oN2TPc26IKuoAWuEXUDKJDb/TVS7Pq2/M67XY+41wkElMLlWsAj7nbDMWdk6ob6O/jJOZGbfKnXSzMeQh+gU41enTg0GziYdUuk84PxlTpYAoltbI003ShgYXAFASGcC0ACNd6I6evD5NCUb8uDkiqDL+DCI7gv5QdbWGQVAq4w13gkbggv4gtJk/jy+7dnHDAQ/0Ny5ZBO1Z4QuQkShiZXmVxb7EfUGQXOpPcb3UiM32atuYt2W9hKj790YSt5oip53b/TMJ4BoXyeztEuta3lLNaqZAR1cuVpMJHHFvePc2TxXeFScBaXqfvWe2lyrITEi8qyfFPsiMWbpoVN5KV63REeiaYFG8LGee+fDrhcnjycb/YRH6idX0+Kg4XZrM6mf/d5Drx2+O8uw0HbffAbym1AZP0usxrQ3Pb5DAqlz2fQ1E7TpmnOZEAbumMOA5Jh+uwFv/LsBbTyv7sUBl43eJ+8oE9ecNdbqU9b8JtIW7C9TfEbiO1lZWdDWG+dOrCP6y06Plv3dV6CeW8TurD0jtA1pXeEbulx7wjdO0L3jtC9I7SU3hG6d4R2l94RuneE7h2hdekdoXtH6GLp43yrpUXc7cXbXrxtKr1424u3vXjbi7eF0ou3VHrxthdve/G2Unrxthdvm0ov3jaU33Ocr4/82cft6tLH7fZxu33cbh+3a5U+breP2723uN3GoTU84Pz1xT4V6IEkuBfmIb0Qakz6NzxbdvBl8Xw039c6o3rNZBQaNy9q13GVnLjaEyuIs8ERsTEEr9DoM9WobpMUPticVthrl0jSAzsV3DoDMLkdNqRoaeNtYDzLsywEkUW5028axlytUQd5YvYeYe0iswTBUr+tklbBX2p/oB4U7swrl66eNXb6atc5mijH7oxuddMaRWyhqyzF8ITktItBRR+T9CahjFKJ9kLltNhUYWPj+BauFWuRpXa6v8Yo3iDr0dRzFdeGyXDI8dpJVhzXLkhIedic19N36aQavnyvVnPYnhgZSNyTfgbzOOYwIfQZjuGuDi/QYZhmS69ky2LxZDHfGGBQRiOTXop2aQoh9QhzaZ1FGGverADxnUSuRScw5n9p25zaho9yOQ56xlAL/Qxk3dmzMHcEFaCDd650KLjvcBLHV2ma0z7Fg4KadNzRSzPTqMe2okSDy1UIDS8x+SPUsYvFao4z3sZS5SAfZPGyMXrTd7FUPSbQDS1On5Cri5d8c+JEa/L8hpdznKJCKmf5FjmuHOdcw1YhU2oljWtsnegT0DmBvVI3EOyHFbeIT8LxEklJmqGU64oLwp3xVo2H10wBGxCQRaLS170lyvrnb8JZ80azVrIx5LZ9lWp4AFPquAFjVuJjMqCrAH49y1Yw49TlQfB9QsS6qe+t/XKlZ/PdOQqGwlws9vklYxYe+3Qkxr7ROJ0fepzvlxh4MdK1jqgdK7+bVi/irsjSPNdMQk62v+BEhYAPgosVZmwchxiNa4Rpw/s0dsJIVdPVDASjKApGFOvEy2S6lx9wDsbwIp7htqPQOszSDgeIbtZ4vkgz2OGN2sM7Ihkuxn9Yw7PUvsajr32Ezdc8cAoEzay+4kH/JuHTdbdSYaNWPzBMFzD3Sx2InSb63ZruSnp4I8pWV82Kxf+qGnvqisC/Pr4AhuFxy0jkreAyS1eLnBNHYuwx0jOR+VUodTiZIFpHxsqbuHZEeCgt1v1RriiN1iL+cPxXalB8LqojdrPQLpGjMrhGemLJIzqoxxaMREtnCwhqPPrWaBIBsPwd6aXNcqMZlOjJD2EWI7XI33D+0TfRVCwy+feLs/Q5VDoIXiMJmWyKfWTkH+0EpVhI5I+Q0ofI2izlGmgmT/aQ+WXY7cgMvRFauAl6kb9IVBlhi47rHkQjLOuJRx3lo03kICy+shAWLzVki0yEpRNIzF3IRlhotYTZRmYU+W0ZqydE1JPHf/zqT5tOn88VZEqXmay5q0o0b6T1/da1ZcfPyl69CTkb9EWYU4r4tqn9hrgyZLjHbE+ubSjWNBUY5uPHzEZRtyrcz7tPH0b1V+/Xg1Jf4TfcCZjAty31LV1NaNlCUihGtBqSF+mxeGLn1NzXpgja0dOgHaSpDWDHLUdj6bJdMiVyyZVBzpuXWTiHYYEIDEJbssTbP7OPXzfR271rXmfpZDWOWOOvRe/yXYonVoD5QH6ElbPSMoMUJ/HXuXRHSdVuhDqChBGZnmK2S2JAV2key5mqx8ZSswSXdkpT0QpIYninZgCLP3CJJ2iJAC09Df7r3cnwP8PhPz/syx9Hw69/Gjz98Ln1zw8Hf/mXTYmiW6DFsrZQ65zwFoEXS1v+7WGwh83tuV+hvrjfkb5sOpVtKdILE7krYbt4bR67kPHMXtt/xzsKNttQ/vpc/XTwl/33I+fzg88P4SVrn354NzSbdPTh84O/WM8ONtyy7fYuL9GXXxU2p/E5E9zGx43SMz9ukKCxdDCrNSirtm9Va+zuVoxqIC0ruaxNXlbvFSFwbSGR9X1K0CNGqqbneKsob2Z1Z27F6tXcE20G06NgF8DaeQ0XiyjMNGiDoa1hSzfbpT5BXXI59RSGZL1fnHX7AaG46IE10aAW8E7PmXyu21Vz6iAb5dneZGb95pcLiq9uN5Nu/iIkDqvIAFGWZPFlrMNmrgv7zIPTE85G6ZfO42QGc3lOS2nOmTokRXhfBgmWc6NCJNC1H51GHJ+0DbLYdJyP0VtSKQPC4Ln8otU42n0OXaySvB225z6xYb08E7vtikavRFqOtuOoymnFsyicTCzHqYA9DWFxruJLZM9n6Desvdlaai+eqx90n1o+e45SMjo1TZ7aLDiCeuknJDPAL5epRFgRwuw8vTa7L4GdYQWpuafC3zeyk2fkui5onRzQurufdfKIrPM/016MHo25/Bw9Prc9IY2XY/uXHZy9fF0KH+hq3pcrYY0joSbhW1yfLbridZ1dHZdrrt+4dOdSDAe/1TbmV+kSBkJKEXYd16GGujbKgXBzlYob7/JqlTstBFyW6WLIhFkiLEv3cD6+iuYheQIBy4TUU8xModPP0J4BFYspLIMJVIxJP2M347GYF3B/RKFLtua6Oqwlf1AAapafSlzStu4BeC85eX36w5O3Hl2tdNfrYJeaaBicxedex2HwHX8UXD/xaEHtjDNTI5GRfHUhSUGstohixG68by5/15Jh8OzNcw9i0C32fH3H7vXChOraK3HkZjmE1FIQM1LjfSbCeF3ObsJbFdSdt+Ifq8J4k89Cic0VNxekQ6gtivOOsbRc3UndkNAgs1quwtkMIxcQrjq+5jQhgXmrWzsW/7bC7DSvJRxBtGvfCB0CWsd7HK6O3K0jNEW5fABLuMqoqxTvrm0TyDAs0jyPvfgFLAWdhoqcGK64r0MmmkDBs5XP9QjT+J0XdMTa2xIbKOxDhXmq6MEcc4LIpMD+u0TDwpJ8DdTJhnNO866lYtId9Wvsu8bJ7Y7XGBtYY41J844eI1nUr/V21lrghne52grRWGT6IsBxJz7GFHN9yM2hYJfJnncv82impvtcWv+wfBSG2kfBeu45QcqvptvEWuqkL46+duuT9Df+OQq4dIxDa7ONmbLe9sT6y5msGGJGmJ573KIe2aFM2ep+9s/9ZIpPFihTxNq3xtLKl6LkUf/StvluC7XVWdP85cvwEzlk7HLfltqqivPqAcyJfnlr/Ln4kVC4AuXY8qvZV1SujlJcXO5kRiV5WHVG5cGveUbFp2iH88gtyPE0krv6XZxUlC+C/MzSZHyZpB5KJ1W+ITOdotr5aoH+6mwCpSqBLpBbTAQztC90XCBEwkVsjCxD+Bcd/Eyjt91Ej7LI8iUjr0l3ljVTLMiSq9UFOTQYKtPU9OHFLL04BE52CX8vPl4emieGZTyUoY0u2+wUqrTuOx+nIVV8IktKX+yYPehwRa63m6kBixSIlpERv9YQNhwr0YsuXS5bzaDscPFVG9ogGX5SOcisDbABb7j5TvD1ETXFzxHUFHPodzvT3EjDVCvrz9anugv5u5O5vhv1b6Eha86JvzHZjyKE17I1v3DjLqzvku64h1tV/d7Jiuya8ZwbRt1eBaYwFbaw8xE4nQYvysIC3hocj1k2/LHsC8sREws3S28YIBQ9X7Mg+seKgH/Ud6LDkWo37NGSXGpbOoTndYwcmenZRn3ZFV9+BzszTnZ/AUobVl7l3+EFqHnY3c506QIsTvXv5QKMkzu6AO2GymnD+wvQlPnuNS9zo1exV2EnF6Bpyu8CvKTs8B5XIFe8YZ+6XYF23zbqza/3EgQhdJc7E2XcVkMlvlQxVhask71Q7ynUp0m0W9szNbCG7Tn6FNKRk+iv3va8+VqrqKwdrrY0YQCdLqNPKnCizFDxwhNQ5L3wVpZu9cvjh6Fc7Zo9Zc1FqvM/K6hZ75G/UtX5eZTVeaD19MCTHvgCbHNZb6/VOD8zOajZb2SR8vWDVmWrm6+T/b9DLJD1UVcKsgbifcGTYBeuBG3hyKast2nU0hESiEQzr+MS8oPtVgKbSwUADHikA5nUgWJ/B0rgAa5bDLx+Tfn7zAz9sfPxZd8V4ZBh7x0y7MDw49s8LZ4v+5vGO+/tVRL/YxXtXAlnNVP0SWDbJOsgWBFHPAwGwtAn96GO6+qPULhCYBsM02zIC7DLKW1utSobsAC+wonw9SSJCfajqLwItefDqTjnaXlfQQV1pEfAgaQ3EjZIv4WY8SqeSfY1dLLFxFhRNo+BDfbN6wXLPk2xZgLUN+KO+VG4atjznlUeH3RxKqYy7KwJKH3YKc3c44Munu3STtchbTCoNYdF341Go+CfUZYq1+ndn+ImRvCuznND+3xeCHWKcIbkV0kqKEJgh+swUJKkxHGWAtR0lSYeCc/sdIpZCVTjmhWf3fpy8SByRAuizhL3ZslPSGbqgmCwi3Z4m3domyob7QcjZayzB5qqkrcuvDOXhUX/XkEvW2Hc/U2GFDLRMf4vvvVeDNxs5DE2C5PLVXjpeel2Yu0L8/GD7vyblfYNvxAkDvXIm0Dg+GuGv/7AumsNsHROYopl3fxYhQbL+HUsey/4yXKVJSrLjOjX1caZIkSgf1otLKdLzZ9hFp4ZVAQyOGYy5fb241E0kiw9xM2pgPaDgKKSdVamWWpQrYmTaDwj2tGweOglV88UbQcpe1HD0dBEsduwohHwNDRF1vRAM+OPxKSGBncN+AZK1hYF59M0PWcQS7GrnSPU7ctwcT4wy0DrM1ZIZ8iTQm/PR/LmCOvotgDT8ipKN5c3KRGHnBeI8oQyC236nLd1TLg+YZewuqc8N9zjb+GHjt2FOyWNWC8jzq1MwkD+iTLEz8McqJ33oFSlecWFRmlMHXvC+MKOEGeW33qHm5cmQ/UPtpkJlP2w70ghp7ME0sPxcnb433ma4EE4PCBv/rlKmdNthK/sySFOmM5SXJhHf4UOF/Q05mkgeBi++DWsIW3wcIbAqVk4Bt4Y9goq2s7fPZJHmJvy0Ydza4o1qcEK1zhwFE5SOE+jJ1/8y7kNCCQX3rnefX5HC19990gqhE536NsaOmz5sLseCstaPLEHuGy5bHLTKIDZ0j2jfp7E+WIW3qpbpnLDUBi7BWCrNZgSk0BMgNqJnTqG+EjBRRaFH0utaKOmSrptv9mV4K4S2FyDwpBhFHs4OMwND71/GvyMg/hlb41TsGcu1O/ffGuAwa9SZctRIv0If3KhI5bLr2kvv9Dc2h3vatMw5g6YgZyBfGiJgSQ9SoQ6FMSzN/gghZ2+yswGUdDVZQYMf8Ltvgbv9TbGfLTVXkOVBAFBICWlfgzQ34I2mOo8Z3bvYtVTBU7CRQqbUw2RcWXLvUE5TagE54XH4Qpud/VtBVzCGBbTddh/LEJnoIfVJuC/q9lSbhONTpZlaTZoW0RUPTH6rn9GeSyhDreqdodvzBtMb090paHXhb1WwuEeGMsvUQvSeHKa5oGtpuvUZ8YgUuyARS5l7VqmihYynOUpJ7fkSes2ERse3quQsd5znjJJ3JAjr2MQ7EKxosOe/HeG7MO5m8RTK90zm9nx2BJB69avF11iQlXZ+6Slqhn1H52hMHpgf+/feCn382g2HcFPB/+2d7DmFdACelz58g7vgHbI7nJRUf8BmZN/QOX2aUL7845uD4H3NombVP4lE/Nec1zkq8rtoGDWQ8x6wndFSHwSJk8h6qa1+Lbap9vePLuywwFNrCF3Sux5e5UJ3RvYP4IYcRFPJlFS/PmN8HTFX5+vOEFp1JExQkQslHSQ7VJoCzBFKJDU9K9b3SdAGaYrRNSTDC5q+JoPo4QR8ODiNhjPYmJ3aUVwYRndXdtT8A4UFa2uxwCbL8m5kchgpdddOu1vDOUy3OhU2F/r1V7ze7Ut1vxc75+dE6BVN5pdoBx7xNGVhCPDPHbanSyWK7ZIcQG0F4ElHb1PQPbudrnURPJepunlLDocR7MhyhXvk7NWLLtiIYkNncMcOr1uNXqp/zoyNNo+QAMMzvEOPbe8kpPOvSxJBTADF+kq0RPA09GpRiIj0MFTSxQuTKz25em2jZAvNFpsyZJG3BG6RlmPOlUrikHLuYi5OMaZxFl9n1zHYac6aVlGVM850VNRX9NhGkeCi9mpSlKJYgKMOAzOgS/cN00cnOvJ3nDHGycrVnfXGK06tcCqc9IkHxQ94TmibvE+aceFLBZrwWkqcBreQU1/j24/nA9IZy0c/xzoVrcpZlSYwkxzzXiu+KT54dBa3QWip4JVSsO2htLteMUsys8pWSFvr1UyZtKSr9D0mcsOhNb3R6ORbJDOpKZ2g4hTFN0Hswgnea3zxurf4jRYKxp3UnByXhcW1W6tiXmf6JnZ2gzA3+EsBEGbaW+nKqvEFavSBFMErfzp+6Qb407dtPso2Lx8mPOnwc/v6UJ/v9ftnn2/R9sI7tdFmuBKv3v0Yzy5jJaPPowWWZxSXtT/2anK46P3e7/A+Kp9VmZgccPoYKbEYkaoes0efXQG6M8Bz3OnWv/Xn4Oj4H/8D6Fb/xNdJQ+q/e+2rVLbyR2qfVrT93wZZsv8RyDC+4+QiXjErb5P2lPFVAsBqyvvC/IzGINYkM6tNKddLzgvxw5vxywuKB1ZtADT0bz49n1ieJOcnTW6nbhkPFtN+EgZbBu6jS2g6m6kRmkDaTaB3siVqaJO6Or0maBR12P+HTdkeZaADJcxIrL8eCvd6EqW2MP6/Z4S/FDieL83Ck6sH7ttc6qAFQLamUY744S4ICAXdZNylZmcZjhJxbsOyKnPbHdqSixv6AdI/cR54BvLzDj5inSrVcMe10/3GlNiGDbdr425tvZuvk++SxxJuOuK3p9oWM2N92I2D84xldPJ8D9/Gg0PP8jflLkJ/vl5RzagwE/AATupyAfSg87VgnQc4l2lE4erS1x7YHbTtbGHE2nFqI/GA8xQvM6MwKOffnokPSWVMfybM6JDn6McHiIZfDR61M2kV6hvki5VPUO7ra79nIT5larosNzpfKafdqr3dXGXsYlLYgTJ7shmsG7M1Yu3L9788OI5pji4gaWXrkpPf5Zff4Hedlddysesp4RztUSei6jO3gD+olho+LMj05asZjOuIE74v2HO/yXzB/+J6Q6X3etG4SpOVAcj7h92Nc3kD+G4u1cdT+EbNQmc5ZyrnEXqjzRddK93EY4/hpfST9oYaFfif7K2Gm66AvfdrYFAmEEhPEAZwiKxmRTb3ZSx/eknXdlPPwX/K2COegd9/jTEnzbv8Cd12rG6XXY4iyZw1qG1zfusqiqQz26cvhooKWfOsf5zIEIfI7JtqxvwPJ1N3nYWJI3Cj2wucFhm8ThGKhe+T85NGtbOVxJqCt4nf71VJopBsZO64a78pbZbqogIlp6ptbP1u5sj/62sKXT5U7aTCdtA0yT4/vXzk7MXHa1gZKJizQrU+T7JP8aLBRvzUUOmZIduyiUyoEhe1ykqAUZr2jy9MaDlyzuzeXaLFKX0livvndQhxxKXXSMld89wWS4dxt8lA2bd135p4VRZN9jDL1Ecu3PY2YFIoCsEfHjjtWyQVM6vje5u852ytumP1s4zw2UtC+H6vgJ3mtVNlQ2zu6mybpY3VTpTIv+sb6r8ynbDfWWFU2Wz7HCqdF7XTh94v+x3iw7LGbucb3s13t7wkFKkOh5nba4Rwzb1pEdPfS72tqvcyir8LE2mwDw34lU1pSlW3xUwKyKONcmItuDfzdsYKdBY6sCjUk10jFLOzIpYdIUktEcC4tdeY6RQCrnBVdZdH1wFL6QLD260hXi5tunQnsXa5zigmgfObdeClNG012rrrPzIZgQLjQVvRoyDsH5ZXWhLjRo1Z5R+Gvz8y2fD4fAzk3v2aVAAsh8JsP718Wcf4wTaeUamnzdSn8ly/ZnNIlZYmDHcQcDdJtCxDKuLExzAcBwOKQU1kO1FPMxvgaWbH/LfMCxYvyF+yDWkyTJL0RVweBklI2RnL1bxbML1XavOXx+Njv84Qr9++84cc27fEbDBPBxxUcyeqkcI2P+ZbHL1m560aHkBY8dMeCO4WXFWyhV+hocY24Juqr7IamR4I90+DX6MLq7S9CP9esN/q8VgjzokCLEFj0BTMC6cOekeTpBUMZS3Si+RcqcwrdYLGIz1NDjkrqqtZTr+JrqOoxvZDnrDDIPrY+vPC1ht/Pdllq4WT4OmaZHeyCrI3az+PSxNfhDIFuNf1R57Gy3/ytNP76D08nf3exjqRO8uZqssnLkWlBcJ/lrNwszx4mcB22qfBq/U9OItdW3N0tDK+WydPl6z6+NwtrgKOdFlMWNoY3bOZoaqceQS7oheIzpMpvpybiJqZMCoB4LjksKMAEtVSHtdSXFNGhjljWclsrZAJSifdRZRng6Lg6qXhSzaU6B/bn4SZ0ySeti5RmVBEArKSqlKVkRxRdTueI0IZG8pPYd2WpVzgnbI9BIZzYk21SonPwxKWJLjQYZCo7gLVKWTeXgL1ZC9bZVY9YmrQentlypS8qntsKgo8jidz1dAe28PiTRiwGCa5YcTFFAP8/hyGGaw/suIRCrMOjKkgSTszTKf/EFv8ppbp3J70snssDx4QiU/q+WqYFaBfYYjNI6caT8CXikxSBrf0ab1wdmE6YkkQxTeJGz/SiaLFBZDNjjSVrwD5/EyN8q5ZSX+9BndWiRZLBAksuKOfJrAO/No9gx29R2vFWUXG+IieK1WvbqmgUlRV1fD0uJjk+UvZ5i1JUZNwRlqJETF+WlWgig6XOXGCp1Qr/GWUp4+dZSNc1FHcWa8U6oMZyNMQ6HRGvL6MYoWOa0zBXKZ7KT1h0m3h7qpam/rOOE2fdG4UssrX8a8/tM6Vr3a1WaBS8I2lOJcSGJ6k8C5VLeLVHtRtzesqtq0DhUu1jlc451U2DTmZw0S22G4V2GjRqAF+6N2a6l9BVfNjRg5iDFnjafqqkM2pzGYm7t2mzErwL5Gem0cdZZWrZnZaAM99NN9ys7pkEBd7bWYb+AsHH9kSAp9kZgN2aJYUUFGasgkeW8nLzxslRbck24aM6xPHVb6u7BHHuWkqxY8opKKbBKNQdqpztH4Kkwu20ETECZh7wTm8/a7ZBzt1VEyisVWws5AA6El6TBdcIQh54ij5wb/IhxTRCz3w2faW3WSVUalXAqz/gjfLxPxUfBWB4LRnUvuFS2T9DYaZ+oCYlHuZbjIW1xl2qOYhlJxy0u6xW3M4SzMlyd8fM7i5suFS2E6S18GsOuAiVHKLRXs3U7WsNzAtsH6yleLEjKdnyuIemTkhhjevI15canAuFQVYaWtpe9LBdxTr08qt0oCJ0ttNfTdB3zW24zrNRc+ut42Ajyks+V43KBrs7vpVPS6lbhuPWA9r9RV87cd1R55cRV1e9ZPbuUeLYRlDSIZ9Vk6W80TrYUpbFo6tpOVYAflhK8wxphNkZrdypkgQLQfQvwKRtq4pr7HuqFvc0WkWDVycqnmlWdgomIb29UpX/TqlF6d0qtTenVKr07h0qtTSqVXp/TqlF6d4p69Xp3Sq1OaSq9OcZRenVJfenWKKb06pVenPAx1itKcKNed9RQnm+pKrIVr05qo93o9R6/n6PUcvZ7DKr2eo1R+x3qOgt/4k6aXNvYb7/UldXPW60t6fcnvQl/SIQ/rdmXDXgfT62Co9DqYUvG6+OXV35+6ZvMwx7tQ6bh72dw/ab2eiW2/2KzPHYwsn21hP2VF60RALK/SJcbcmTzvc6CaIchrBP7KWpfH1Q+tPfxVdQs7t23jVu0DBx9O4GAfMaj+vNuIQXroChX0iBFsDw787IFHBSraxnVQWLjFbthDRcVo76fW6297/W2vv11Hf+uruBXS85ZgVtJsA95NVaE6Sde24LdgWk/4f+mm5EFU/2J5pT5vAH+udFVxrgke58WKVKZv6w0//axKEswgojaPyeyGKE6YdSREvvlqWY+W4VZrUQMmBViD6qswy+VPigrL0ryKUDCvO6GqnJF0aN4jrJKTV8+bVD1O1aWvlurE0VMhSepJMa8bU2FMIPcxuh0wal8i+XPlZYckOOOEdIzFakEVNc2Nj1ISanLJ5IUZwVYLJwB/0KplPWQRXtyyrzMlr5dkrGbNu/stake9ClYmIVqnR7mk2ob9ehUvBBU/UnngHQvAhdKt6+p5h54mAxTj8D8vPsUKwfF5GuXwK/2y8fxw17Y1OwKKxQBqDC9uoLNkFlR2bD2T8DbcaPAHD9W9I1TKlVyqV/nAkjQZUvrF2vpl9uAf9uSt2ZQ0Q+RR53yG7TBDZhtdKxjLVcSmeOzWA0XZZYTizPjKtZYtthTqr59+zQ8TsgmeESZ03jiiNi3UEM9J4zO1Xk7NkEPB1DawzkOiW+hbB9BdF1C71tXxO2ZWnwrodAjaPaDd+gtsphg5jBMFt2U/E42oVU1jQwtsAFcUPsUbS1KccoYcbLN8Sw+Cm6s052tHsw178K89wtxtaMg+pnunmLBQLN/Fw6cvR8LB3aNne6POF7uHN1fDw8L2QVhUx+5x2GV9LLJi5Tg0Fg5JhhCF46s6/lPNzXGg0tlbRl1K9mqp91FSXmqRe2OngjfR1AKMM+a0dXwCXHaldS1KajYbiZ2nLcllRWqxH7VbjlqpQzesOw97iFGxNU7MepaQXePhNRgp1gPCa74ztNLTfYK1BVchgqt/87Eje7PiCNBejH84/HlQy0XQ33RutYW5gyxWv02Hpq6GOahZjfp1GJbFXS/RnnX0DuGevTxkFtMLyUW0Dfk+TfiWbiPG5kWtyJM8vKYb9e4f65LQZ6pF3SCpAnHsRjmoxfKT16duqy7fpMSPcI/XIcFoDDbw9S7LtK9cUK3RiIdw31Gmd1KQ6dkwaP+Ip43aNFTpyhYhNiRFJNJmfplOi8nwe6NSo1PqAz6EpjXl88FyAxNK1L9RgiDJq77KlZ6QuosVNjaOb+Fa8WmV2umCp5TFLsBRX4N663Uhidc3XTqVN564k6vVPOT0yoTdqp/BPGJGWQJ8XVIS7PAiXbG0b1ayZbGUhfLWCFjrjt2dptx36JIDXGeap39pc4XaPI/Ee8KMk7K8NSln7UFHimsa027BoY+vUuSfK6C7NunHJDdo7sO8TcHlKoSGlxH8g6wlnlMs2uXNpjmPriPMlrjpRKt6rCTtCSaMovQfcNeEIFxMY5Oz+A0vxTidRIMgZ7sHXLMZSfeS3Z39veCWjCYxHCVHYi9OhrJUIocm+PFyxS2S8m28NEmyZo1Txqv6Vo2H5/vl92/PcLJJE4SiCxGjt0TL/vwNRnmsvwI1l2rD/BsnysL2HShb2VmGdiLqzkAlFVy7X/TChruCbHvQMUOm7XOFSx3jcUxHEec4oozZHufuZZjcBiNd64ja0YJmxMcLrtsEVzxL89ySpGbxR6Ds10DikAAOgosVHqNxiLlvDIC/YSMaO2GcEaerWbCfR1EwSmA/j3iZTPfyA8kJfRHPcEux56KC6eY0OSDvAAlYc7HcrDZ3p/YR1rs9Zlvxe3+LEmFhWni16gcwlCnyo0yvL83vKkdxmteJZ1k0hrXGzDqK5fRh79Q9HSfLr75oGKckfW3njn+tYWHS6G8DXqf3S+j9Enq/hN4vofdL+A35JQTBt8WhjvUObpB9ek+G2tJ7MvSeDL0nQ+/J4Gyl92RQz3pPht6Tofdk6D0ZfLiu3pPBKr0nQ9B7MqjSezKUNQK9J4PfRHHpPRl6T4ZyNb0nQ+/JUCm9J0PdPPeeDL0nQ+/J0Hsy9J4Ma3gybAfZdss+C6YuxC8LJ9dhgmpePPRj9EMgTfdkMoRpUqAiFutJAmCcQNWhpZHqPRZ6j4XeY6H3WMDSeyz0Hgs1pfdY6D0WPLvfeyxsMDu9x0LvsdB7LDT3rvdYqJTeY6H3WFCl91j4DXgs3E3iiTt0a1gXjfn34/QwBGoARGgcz3qHiKYu9A4RWHqHiN4holzNg3KIsK6v46PHXzTlCNhO5qTetaLS2rqL1Zx+ZhtL1btnVMtW3TOslXzyeO1V6l04eheOFheOOyIZbvGkyrPUvtZ7jGzZYyRQKWdahidvcVYOzt6LYyAiJ/Y9ZbgLJxPoNKldJqgCqRM78aRWRgU3shAhnfH3h+O/UrPibdDV0OYSRSpDbCQ1lpximTiM2MQWjoLsUBxVQappOoZ/R4Jq8+RoiSaCY1UmCcYGINHOomVjskt/Y52RiLTKTDGVyDEh7Q+R2VnKrm0mWFXJLSYPF939Taxt/kJSZYQt9pl7EJawrCcwdZSYNpGMsHTJJOdla2mRkrB0Wbs7kZaw0GoJ+43sKXLgMlbXhwUW7o9f/WnT6fO5lEzpZMOtu70KpM4431k3mbZhm72KqQuR2b0IUUu3WrRN7TfEpyELPgZ+KZ7WNxRrIgoX4/FjZqyoWxV+6N2nD6Oa4UANXw9KfUUfqBVRNu0i2FToRoL5IFKosjHWKavUWHzOVf1lbQowXfF8NX8aNMncWFx3uyluyRpLl+2SKSFMrowQifhlFs5hWCAU69SXmX38ugnj7l3zOksnqzFJfVMjjJcvTzyxrOhDiZKdiBQjD3LdPAoTyvrN3VFyttsGjh8qKb9gkovWk++xnKl6rBshtESZdkqzVggGlpJyx70ZfVJjLsIlOmc+Df7r3cnwP8PhPz/syx9Hw69/Gjz98Ln1zw8Hf/mXTYmiW8TFsraY65zwFhEYS1uK22Gwh83tuV+hvrjfkb5sOpUuqRxLYSJ3JX4Xr81jVwpls9f23/GOgs02lL8+Vz8d/GX//cj5/ODzQ3jJ2qcf3g3NJh19+PzgL9azgw23bLtPiJcwzK8Km9P4nAlu4+NGeZofN8jUWFqdT4yNsEF91d07BX0MPka3DYfd0d0mR5d5jfm5cWDdgiv6dKnxttOl9slRy8lRt5oVlX6ppEJtyn8qSU+v0ozyOVtN8INyNtTPfFKgdoooUmZaudHz1fgqAOHjdURpmA9f45bCugv/iCaHSnVy+A1Ig1o7ZYUZiUixuApztcC8A15bv1QI/S7Tt6qhOkOLSvFEfQxQHwPUxwD9BmOAOgb+vIqWN2n2scozFX1xCi+rLsivQSI/j+mulCDOrsp4mGneTK/hzthEH1+oyPK0xB6jrUurPfktLVTjKWmOn7B9xL764osn9e9ZqhsnW9usj1mkEx9rBL6mlkFNf4b6Wzl7N1cx3Hev04l62sTFo2YinM3Scd0pky61auDH8ST7K9Tx0SFoF/eT/qDoyPvs9Pmb4IIeNIuAra79/tKsQ75wy2FDawiOdW4UgIRBfJ7Ow7hB71Y8+fb7mgTwv8iDFW97ealh6lpmRX3s3xmPDVjlg+3yw+nrvN+A97EBHQ9Fcns9C5Pohdze7Z6alU/KBgLNCJB77jKt6bPczLgRjIlX6gb5AirveqdcpbnPVYKvqb2Mf7NLeCJ7WF0XOV8XaJhjaXetY7bwu93oooqtS2vd7mx6IzXvwiHNVc3P2N91d9ybaLpWCHKxComnSxfifZtFwJlGiClBQYZKnTDUpoGi4/9VOpvUHSpmu4z5e2HJkOyKLJuV+kGvhPVsGZZWdqhWEqudE9wPIm2ZUAYacoNbT8smJUMBibsb8GGnU+4EiRw873E0jgrinsKmkB+Ry84ieTZgUcJJRY1YiJYmaOKagkL/99vvXh3+LRWDB1qzc3YeoZingVYGCA/9lhwv5mEST0EeGUltMJ/vHn9ougXQMCmqa7JLsr+HSEtqt8Vs8Q90jUTXqKPAwMkAb2gIy/Aj0ZxQpDN0FWu6YvZw31rd/BkJ1i97wT4HPe3hP/e4G1outsNcTHfYQpvFl5dol2pojsg3SkAHpLafBklqVUEV4zoJoz2pdA9mEfpWnIOGpoAHjz4FjznuBiqFWTqQQIz8Fr7/RKZeDJpL2F8SRncVXkdBnqJTQzSbDVkDMQluKJS2oR21RBx4ugizpVMLIfPgPjTNsVh+5+XvhQgt1+m9NxHXcyaaY6/8ZuJVISSr80wYZT5OxiQd5zgP6NGSH6bXeFlGN4fIsKLGGjfjkFc9PyTt6OEf6D/rDpyVvBuOniq5vynA1vPDdWZAXaT+d1fjPLwtX85KxwhnXrFCpEy0qO08nDA5DpNGu/aOzw7OM3l+jG+HwpYMw2Qy1H7B43p2v2ViV/FGxOX70+f3eaKg92scqK2FF8NoshAaWdGqrcljViphyXEd3tLmJOvYrzJvWWxaGEulfYO7Mg+B6VEt95xmz2n2nGbPafacZs9p9pxmz2l2ndie0yyVLpzmAmP5auavqNyll6wgPoKZWWR09VmuU2JKAfYN2Yr61bKRCykadTYL0Lge5nk6xvDWiQyrxp7B47hI01kUFp0AdwwbcadYEWyCKrrhj5uUsj1QhKvGHiii4eMeKKLPnNFnzuihGTxXoIdd6GEXfhOZM2y7+ylGFoQzdKLt4C9ifaWZqdgoj7TrR02fr8IcViPCHabr6MLklt0Gwkkb8lzlfWeXGeUW3urWqSnsU5D42NWrhkr4gqj6nNhv7LbeWt6llg+5zcZK38TzrMFF6nRJDl03eUGUgSNg0eyr9AZoPhzpUo2WXntseXAA+c0XiJBMR3sd9jhcsojd7EPWBZzWy8WrsACmfWbKpllEivy5AqS1XqhsCVNKlgCd8mMeX16Rb1VgYNPdpMURm2Vvc6/7wP4Amckom5tTgRxMYZGbB4dhGjEx2rTzcDgXt6VDpTgF9+jqj1br6AujKh5E8aCfxawuKw5JydioOx7Xqre1R3zDCjbRiNqOSuMvm4SF9qNfrEHJAlGuY/YzER6m4RKkUuglLMqc4i4QtVKEqpqKSX5lSGKF+IIcFBkndLeugYfNMmT7uP2mwdceL+n6mwZpwXvswo/ezdCX6Ue4qCSK29rj9ZTMipXHOJZFFi0bfOod81S2V7ZfbzVfGIzVAoiB/V79EJybuv50bgNUSSsoKArIRlWSd2t6S4lDIuuy2iZ+EoWJrbNL6cOyF60Sc/ghstlK9TcWuaeOLL4YXY5U4NsgeLNKEvrjjMg0aQAGAUe7BdFy3GGT/foTiklLW8wi9msPQ+Ttva3MZ14xidZnz63+kfKD5DxFThGJ/Zoymin5l8MPPqEpHChKbrMFfYRjH+HYRzj2EY59hGMf4dgHmNWUPsKxrTN9hGNTefAbsI9w7CMcix3uIxz7CEdder/z3u/clN7vXOah9zv3m4ne77z3O+/9znu/8wfjd95HOPacZs9p9pymVXpOs+c0e06z5zSx9JymXXpOs1R+hxGO8CxdpLO0Ndt47TZQ3wKXNQ4X+WomDoSReVJydanbIa++O3vxFN2l41xroXGeooTcA62Bn0mtdfxlFBLLfIlGheksZP5wvIyv8QcG8Z+obqGVOF8tUH/977VTjZ4NUiH8eRVfXgFjgNlxshjZvXDG/o14y1NUSrwU1+N8KT466NUQIyuH79fZu1py8mHckMfppPe0ec665GTGntFz4SJhRsibqzEsz1q4tfiVdo9pl780PrmIih4HLVah9onEUu+Z0dgtZ1onVZeac/3vkJMOKuZYR3Kp9bDG6krrcgLM/iqRoFK8fqz25lGGm9gymWWYbCslHzrzpvbJsfdAwb2sXM4KIXpyMtDBbErbnNji2tAO7XgPYtBi5k4Ppm/VCfPipT0KDb/kOeOsaM2T5JMKsSabR+OLnQIeuHjZfbF0yRdW6LNYtlaJ1gZMgo/RrYhyGCyB3qNqN4Ql5QMHora0RgnokKyJB90S7gcS7qhmWvksgiHCbWXFh2nHUIwWvCWrPnS6pal/rKLslqg51moim8lyTLHxFFZIuVApvLnxKiuWEmNRz1dgdOXwEvgFYK7MBDtrbo0N4WJna2kqD2h7cXdZmyXhNuIoiPmCaGkklJA2UYltSbPLED0n6T2VNeWfbZtsn/KZ8LJHmOj3QK8tnHfYTuGS3EfwUcqZ6rIIg2fZZdTikVrPzqTFL8aUrtuGJ27zHePxkgze173FueaqLs0frOYXGJc9LVFxjN10ztkp036mPQgvEM8GlVtN699y4TKYNqlQetP4G+mWk3jDJYFJgeFmWM1x/1k5NK2em+0RTNIoL3Jd6iIrZS50DfRHpEJG7RReYsjTUtRtddcedmsWondRfWOikOOZU/7b8WWCpLu5I+2+HFjac1q27DecOViekylcAJtIgnY9AZA47D5pzPl3xQKJKlaxdimt3xzYF4pWxllGtqcpn2BxBaZxhuvCYe+J4rbQr3+W3s7rHJi5+CFUtNDfa29NhNKgywH8u6YyZd26Qzxq7Q5KyVDbJisoVVTlOLiPWbSnyHJiReR2oKBNfIW/ZSLSUL2HEOjFx/MqPzeL7Eklqx8WnQFrto+DSAj36hwMvdfmPdjl9n5ZHoKShUuOz2bBQDgFeZDCS9iORBAO08J6qbG4pT5VWGnOtcjnuRatgZMMq71Ul8INKthhvqfR+HY8i0of2roNV/yZKX4ygFOONqUbFxU0C92V4bNoozgovhY5kLC6Fm1MSxEWiPkmK/zH7F3uX6QwoOrFrVbelsuc1ZCmknPl5oa61BHVdd5+r2LxZmrbxXUuXZdtXdG9sqrtK7U7Kd7dru+xwOItIMvra8gxXLwXnkvXZaXO3angzOUOxWcuuxKiuexKlObiKVBz8RGruTzoTXkf4jaXOxO6uXQRvbnsQADn0mGfeb/abHs2pev+UC4OjOoX/wPl6gnetXCVZkaGbOT6fJgFS2CnTUUEj5AHq03mFn9Sw8aBJI425NZG9yOMsRfOGD7CYQ4wmv5ghJGcYwzX10wT9OuSWiQ5mtkLQsyJkL35FM9X82BGKc7dOeaxaPUExxldhfkVHaPLyI20KF/7EoN27QyXrtuhWVNT4NbhEKTJpTg/LYUbb98KjeqbKrvurbwJ9iccKCm9+WeUpQcePEedXocA8+QWxQ25vA32CaxMwzqslmk+DoEgHbCRENmlPFYAOcy0oTSBY2jthIpOp/lomz0/VQyXdoUMl7bc9liGzMU730jcR7KDSrI5OM1ZiStmqL77Q6X4aLBR+2aU70F4exDeHoS3tvQgvD0Ibw/C24Pweq5AD8Lbg/D+5kB4exTbHsW2R7Gl0qPYxj2KbY9i26PY9ii2UnoU218bim3Rc0HuIflxwCKoYtoswFWUUFeFaJqwUJP8bIPJok+D9oWxNZiMDVvzdWU6Hzbw7QOFB65xjLPimsRVwqx528oVdczclR8Kv1UmRoH/XsDAjnkTr4H92wXuV1XQA/T2AL09QO/vGKA3ZG0QaWf+FtYKte0cRqUSyy/U3LW2cQqOKdD72Woito0INyPr4LWWQOmpzHe1cWSnSjRUCmbcMsr7UKlFNW1U/vnsF1MIzLwdVAfikr+KvnMFNkFx7ej6YOK3ayrj8NNGBTnpW5GCo6/6iqaHb4nH1mSubbzjHp+UxqywMCSWVtSYYen6KxbL8pVqPyKgxvZ8UnTsOgoXXfnZFtSyhcosTJHQGgNd+eSmRDQRXyx6sT7KrbfRj7tZXXtaUljnFCuSPFoG0Sf4cIDRu2q3LMX5ASZu5dZgw8ZJl0A5/ppCT221mtUO7Rr9LziG7O78JOPQ4duCTs32/6pbt0YlyTz89C25yTwNnhx/1fRSnKiXjhteWYRLvKqfBv+1/y4c/vNo+PWH/XdD+etz9dPBX/bfj5zPDz4/hJf2350M/1N+ezfUf/80+vD5wV+sZwf/sq6JAChGuA3jkaqnYtmg/WmigRSCTJlCNe+QHwg6yLIMvE7RwHcNbNCrCNYUdScUYAu3cCMoMhaKS5K3BnLpkPcN7Jir8DoGRkFvYdVGc20nMGR+x4x9DiK80ZpYZ0v4PWA8MLoppHQZSpohHTAQe5CnZ05qaFpO1Li7t0zy5ZpNR8lq3rRPhnrKGl9Qq7XeVnUbSArbrauOE87+Kd00QY13ksu3p4B1gfSTAC/QMbXWmcfZx2pd3DLUWHp3k1wEZe1Jn5OgVPqcBI105w4h4a3b+IsnrvfaL2QsXq6phgocHx01vvW7S4RgLcXjL+vXonUV+mQK/cnpMziUy28jg4O14b48dt2YfZKH2lb6JA+m9NC7PfRuD71bLD30bg+920Pv9tC7WHroXbv00Lul0id56JM8SOk5zZ7T7DlNLD2n2W0mek6z5zR7TrNYek6zVPokD81D6ZM89Eke7sRsSiN6tY1br1iTPUmFu7AwU8S9GmQPOrJqC7choZ5Oa5rkCBSBWsgjdimMc+WkZaAlm/rl5B8rg5zDN9hxJbaYWmlz4KZVIeWpwJHg27B90Xr21RPEE8ng2CBNAo6ZMbYammbEJm5SriLmoKFmhOrKGNQrnC2uwmQ1h7MztquHObm6XVxFSR7sDw/4QFFdIFXV2JVMm1GiEBqThspbN+9Xa+5d4wfpdHOs91v8lWZI4Tjc/4jC2fLq2VU0rvHNqu2gO1dKpVYVS64J/yCYxLnGtESeIIsnTlArA1tm11vw/qoFvNWYeh4T5jdpWHgUbji4bmBwciFKLynsOqwbsaFfCrBNk7Awu4yWVmx1S4unU3atfBq8SutaUo6l0o5PfUIHFUbcwdPgxKNmHKsmnCSMk16iNrC2UGS9LS6pAJrLParrgNUUQTQlCGWyxnjRKbZhjIhyaBB22Ddf1azJP9HxUDzfZ7OWBsnTBifrnDfLOV176JeLh6h+pDTMWIXVhiqwww1/1xZ+rwoQ3e+TK2qt0RubC8hX39Xoa+0y9MbRM+9uPVWKPaKSG6eCpjSYiCv9poYOEhzLNnTBEwTNWGWE1JRFjDQkS0SXrILDRCIg1/ee3bU90yKjuVKAQUujewr4dU/BDwdSnbu7BckJVmeYZkOe+Ke0+xwfIzDNW7zxVwsMFE1XDV4zqnRbrGrt1j1DUfvWshH2GpLK6iFpaWaZ6rggQ5KtxSdKXYxIegU9g8XEWBNDnNqaucrS1SVCU58TxvprsQScPtdA6y01IIKUCeqNllotasU3zUGsMXwp47CSM18btOnQisApWTIIH8cORFIxwcG+ZBKjQDNNfNrwQodFFxxqEGoGWonhodtsRxbzLoZkmtJQ7zriWtfetsK2Q/jxEbK0K0eAkCpwUd2mK7hh8itCgRLOy5aEB/q8sDlBYaixyvzI57popcUWoTuTtHHbpAY11dfa9mx665G+DosY5TjZRdKM/tJ6PstncRYhwJx2cRvwrpoCK6Difep5XlEttbTH7AZOQRLdKD2BjqFUY7cT9BGqE/wP6j2mhZkSuVVlTKn1DrVLaHWTRdFZfI25FVZLpKRWuKwbfVCm3xPjvc0KapfNLKJ26YAp32IpbeyfF/T8XVhQ7XJ/1lS73Kdl1S53bGW1yx1aXO1yV9ZXu6xliS3Mlf9hbbbQ2qX7Oe1iubXLPVtx7dJhFn3SKKwzi12svna5WwuwXTpOmkNHbpf1Zq6Txdgud2o9tkuH2fOyKtul+xzuytpslwdqebZLh0VptEjbpftCdLBU2+VOrdZ28Z4x7zw1XSzbdtEaDJ1KoIW/7rY4NdUbfBMTQ1iC6CDeR6OPtjShwM5DUgWVAFx0+5RyqwDIQVjN8wuVJC9saQaNyuNwFnz3Bk7vKBrJEa7pPad8Y8lNdcn0w9lMa5gklq7H4/vKGthBfyHrqSwtx61kj1J5aylT2pJ1a62NWflzsW6liRoJjIXid20NzlWIyW0ibbm5BBnRpXCWhhgKghxoQa6MCERf0iugElAhjrl3RbvM751YzA2mbpfuwOoelQae4Ot28QymVaVT2rSlj6qXyzr51dQyq9hwpfHknEK86MpUThIe7Spr1/jNaUhpjU245iabiUtBUpXDxScNFnvv+GrPIhw0AM7XpqBba9HUq6VwLI6DK8SIuYimeN9dRJK9ZK0BdNsDDsAouxQ2gEK8KpKle93NPjmbsDgA74uv+VHTRpB8u3hzCH7R7qbK5oh3LnrbvEEMg50wDVRzyQJHiAl3ZnhbFvKf1dnbCha13DaotfQCdU2sfioMa684+j1gXMKP0CRc2ONoQlIE8qEFI2XbgF9cjoK9d0+GX37Yg011xklpNfCSPQXK/K2mQCccadv6++FBwIjbhE6hSM+TumXaB+6izVayf1Gqj+yfX9ZU17bpNTyaO4ObN/UwHkLv371Db6B/G/J/3n9oQjPj4kVwPI5ze4rkDl46nmmRn9m+SArU8WUpV7L9kqPNuPr2WY0Zopga/Jlyg1TGh4swl5RbcOTQ587VYq7Ho1SQ5R64jtDdJ3T24zu9kzivkyl3R74Vd5us+Q7TNO8qQfOuUjN78g0+6Zgf0Pa6j7TLd5ZwuUuq5R0kWe6QUtT5Eoo2jHDPyPFOKdF/+Wuq1TjomKQIs+faUEWzSGAz8T6fL5acGwuN8fQWiR8amFKuOkfziKCTi7xofcFXVvZRXDQn0sFRcGJkVtgQR9wVJEa3+iWyrZHnXuTKGVfxCMkxwcnEsUU8Dh/NZhbGW18hq07FdCxTTM8SzlO4ZImX4JvWYIIWlgvEAbScJcEEq2ITIOU+c7R8ZoGm6kzIRwPighnxRxojsVuoAtVv5UJGbR91bRbPYyGxrkY56uVVzaDhCmAlNfMF53g0x8sZtxgMhyIenm+6gD9gWg04FEvYi1tex5qqN1zOmzAmgG1SXcCDa2rBRZLYn3ZCfUBe0HuVpWq90FLDmivtsRjoSYaEKG+AeO++BsUaN8F7V4TqTdHbzenIZDkx2VcoJYCnppilK3gL2a5Apjci/jK+OpNDyz/zkeTdc3TF/jK09acqIozdtTQLaF23A4EXVphfRhVL04lJkNPp8gb4v8OrMJvgHzS0ED2zgjSx6bxzulwQ+YPyUjbh21vCSkeQe1WYIJUd0DYFuy/Xr42ihVgLk+BOx8yJFMBhdZjlnRJlUYpAXC0RMpWJqDhLdUF9qvAuhE+RrIaTuemI6gKckZz2uz3tEkBx8vpUgfhO2OHudkC5XCarmf2jNSeD+mRLqrQadQqnXvZToXcNKQGc3NpLc+zqUwOYGW3MDKCKrxnEK1NA7ag9tP6bZQ4wBMU3c4Aqu8ogoMpuMwkUF7lVbPBKJ6Bf9le4P7D0Aqp4S6Ft6QZU6bqpu6YfKFDB9r21tRwEqmw3F4Eq95eTwPTgnnITqOLKUaBKa64C82JLzgJVvJ322+1f7bkMio226BGcuQ2KNbkNVV1yHXQdi3/uA1VE8bMlEYDr0nHv2k5V5LxQXHPuP7nhtMiUxLNBVeuvXMdzHbGpxKVi42+kW07FNcaVPyJoi9Wc4i+L0qH03BIZ8M4tQi4ofAcT3CsBUs3tEvWyPFQukadamjCFMqvKIQshQp7XNyY+48pThulefJmg2rq5I+1Azlh8AiGvgVKhztl3P+n3y5rPMTAeQNb/GXUx5KhgtQUyXK4t5sc/qgDwLg5o+puKKlceONNmmTJDh0kzPffgpSX9/EG60LJAwiiWVyB4AWxupao4ryTUbPN2Q9ZBvraDh2tC68/53jv3nbxuTlWm8W9ALN6VM1GxFUuZwlEbwuaoWVD5M+35RaG9NfSLy3P0vaPUDWVZfKKfDNj1R5IvohULZPu5MllhVHkq4T0XKArN02vFI2JqiU9LKwbKyw/MBn1p4/qxdPIC8vP9L62cHRSjdtZOhrJLHzi6F3a1abXTWNcpUiKnufPVzSVIBNbVSGoxK22sK+uiOg9eXehoEK/2/seIw4jgDCDWDWx4Uhrhls+vj0cYf1YIcxMKSoFptIoDjZNj2IwhG4jRI7WdQmJBveBwnE5Mdl1SX9d1hp0IxzqlKpDByWqsFJQpeSORxuI6Ditd8vNWZL/kpdIwglCVxxTkKyFXScottDJKpiDCrh14cLW6GI3TuWVNHObxZX5Y7vDhxSy9OJwcRUdPwuMvHsMf48nkyy++Pv7y6yfR118cR9Hx5KuLLydfH08uwq8OFx8vD8fZ5JB0Jj9RENLoMv3Dt8dHXw2/PT72OZkFZlxZ3YeihhnSkPNWrAIs/t5+SKRaX6Ij5iWHdXXi24YX33oCEhaP4XeXjzymouUF3IQglJygIXYTbDG7ngD4FWTaSWvKvytyKLGzCpApTdiWAf8FCYVckdGQ1HR8i3LHNM5QGkkEj0YZToAtmKW3c8773FBRA1NxRR6JwXSVjNlAsh3uQQkweFeQsdKxUI1XZYvs4rdKvgJNkV9uqExz0eT2I6hnIG5qh7HC3ddQiboF6UKLDMRQDe9cP7lO6cKXUXgo0sT2pQgf6cFfaujCeN2JlPCApANvVtqLJ26TAjbi/r27us30ca3cfZfNtQY3f49c/Brc+0Pg2h8Gt75FLv3hc+cbc+Vt3LiTDXVz362spge33cZld+WuHcPpxk1fe4OpK8gbMSP8XTdSBsNxIDx7keBNgYMx7Bp6tAm/KFVU4ayNSx56xJD3ktj+kNmlV/hbNqc0VO+Bhd0BkfW5Yfw99fvVD4u5WmtECsfZVb5ZrsHQe50cXFouwpflIShI8FIcmFmwRZjBkSHEYU6ngxwRDNZeLzWWNoRnLoxew7XI53nBn6zaS2Ueu0GkG5jvaTS+Hc+i0oc2t21o8lZcb5rhxE3p7HLThD1eGT5z8Vq8IAMhsx3VtWhXPPH8s5WdveclGJp5bD3n43YZy0epgmXOmBimknOV7ZNwGKmucz/FWScVdAf1s7fqeRrGs1XmzLZtStc9Uahc7Q35UaXottw+8yrOr4dJ4qUJfA4pJkgq/cZuPLdjhNICrfIEgrr3leoCvc2l63LtAoZbBrkxGHeFimzTcugDzs1lHePL3QN1c9k2XLeu9Y5Bu7ncL3S3HvvdAnhzuTMYby6+YN5c/CG9uXgAe3PpAu9d/MIbj3Kd03xHgN9c7gX2m8u64N9cNoAA59IVCJzLOgt6R6DgXO4IGlwa2xggnMvZLmHCudwhWLhu8E4gw1VrdwYcXm1wA/hwLuuBiHPZNZQ4l050vzOsOJd1aMsOIca5bAlonMtdw41zuU/QcS7bhB7n0kX4oB50gCHnsj0wci4dOadOwOQ1PfY8P1juGqScy8OAKufyUADLudwjbDmX5f2Al3O5DwhzLhsDmcvsdT3ofqDmXNY94+sCnHN5QDDnXDrPsa/bM5Z153hd+HMu9weCzmWtKfUEROeyybyuDY7O5d4g0rl0ntvOcOlc1p3hu4BO5/IrAFDn0nnJvMDUuay7TGsCq3O5N3h1Lh3n09sHm8u6gOtcOsOuc1lnGe8Agp3LHQGxc7kTOHYuXuF+XNY7ZncK0M7lzmDapbm7AGvn0lVM7wLczsUbvt27xkADva8B4s6lYxgbl843TidYdy7r3jx3BvHOZftA71zuBu6dy85A37mss1s8AeC5bAcGnsvdnAffUDEunvDw6uUuFN0LKp5LRz7HHzberr497AxLFwh5LhsxQDuCk+fyMEDludwhtDyXOwCY57JtmHmpdTtg81z8Iefl/W6Uam34eS4dSJx/UGorID2Xzr5rnuD0VWdchVCv90KT36oHMtSdg79z6cLHegPBy+tr4HVzuQNfnLsFiOdyhzDxXHYFFs9lV5DxXDrxDz7w8Vwe9Ka8D1h5LncGLs+lC8Q8lx0AzXPpsM/8b6o4IZjjt4yQvvULq1i9vrfipORDKAjtJLGxzEmeEsAKKcda5e7AtKG15QtxOmpfM9vx5yjYV+1o51kjImr3JGRB8xSNy7k7zwoXgam8beO9/GDQuPi7jfqY3bquq7I/42KukvgfCJM3QRsAiBGZw5/9zCvaCMuZjb9HdIPuNI4zrTSZW0E2NbFIj3IyYLU2uk9IyWPtpIfDJCzjg1FwCrQjzCNj6UdPaGqRbPziuC1MvPKknBEf26520X5hrP29CvMropSXpEDuELXx1ZO2d3cQtNEpfwWXzhvufnNZcLnPjBZcuua14NJtIb1yXHBZaxXvJd8Fl7P7yHrBZYe5L7h0WuROeTC4rLPWDyEnhszOw8iMIZ3xXSrfLBlcuq7Q/WbM4PKA8mZw+TVkz+CyjRwaDWHLnRNpcNl1Og0snrbnNTJIeEhgqRXU6JNHwqPKtkwTXLrZcDtlneCynlHyvjJQcNl1HgouDyobBZdOOSnkk67Wvwean4JLRwWXb64KLusdhR3nreCy9ewVXHaTw4LL/WeyUP2453wWXHyyWnDxzm2hXvfMcMGlYyyZr1HfP+eF3Q0vlaZX/gu7Vh+L+7pQr11Hug7uK5b27BhcurP+TZkyChhBFxHqVSQkaSkYQN4JoqrpM6p2Se/kGYECYpDeHLcbsuuTatjMO6oPgQ7sY2yQRkrBxGv5OITb+oA1t8gtMyCdgqpgWQAH0NoJhXpJk9E2dbtRAMMpRxPL1lM1qXq1P5pZVv1IYA3hP7jlMH6AeDOyBhs8HI/QJAqbTLabS8Fyw7iD2FiDjcLCocxQagV3wqys5WHBex31oHZVOBFiN5YLLR2P4SqfrDIlohpYLoMlFSWTEJZQzurbyM/I2tXLFMl58s0MUx36+sN5g2pg6Q6sYX/VyadvXYdOawqMYzmrs+eoVgJWccpPrV2k1/IqXCwwZF7ATNEigXoozyhoLG/smGKUzbnKvKSKgB1gHDrID4jDO7Bb13FOypGbq9gzzQGWdIYclLXBgv1VvqI8l+LkrfaoxhbXW/kA+V6CiRBTC5EWHkiXwbNYd5oEl1ECdc+CfdTE4+aPkmXhUGKjg1pvOPSEmN2Et/4uqYssToH1JPgFGSJdNSC53iT2gSW3M9Vi6g+HhOWlta9E3CTsAZTLp/EnaFpdrxiaAG2OMffopTdLHwQv2H/3KSsC6X4TfEBo5PHRvw7K+8fOW0VWmFw7lcHrXQJEmUhR3LHmYjrMjQF2GpSdEkmByxsKNcvGa+4iRZafZHrVop8XHRaWFsg2OCbpw8zKo9xiJHwnf2PMmY7+KrhqUPn3i8kuESTsRhQ7IT8GK/6VYdQY2zIfBa+FUBDhiv32T4X9fCuXMMnofw7e2N3YxaXHe/91CnvIUxmx/u1it6VNpTivC/6JNFCCwFnly1Gxztb1W5EFjAGVDj0SLCRdMF/+dKOiv9h7A4xLOh8Ee6+imyhf7sFf38HtAH95V/oj450ZcQMz06E3ZFGV8dyeD6DvFnUSDwPPFv1FeOQneIDer/M0eL/Oc+X5emfWBhiUt6vMzw8dy2+QQaPxa7elCvSZviRsL7dccmNPgvAivSaHgw6nlq+2ahOdTtlKW6/hf8OLPJ2tllqq3o8+PQ2+PChf/11uYdVNc0lincdH/3rg302yE2EvBVD+CA1NL9HT3vhZoVHWv8aT0kCp/tmYQK0nbAKzhovXOd7sfMf4t1LwwdgSz/RE8Uwo5tp8k9pRwCP6Y4esFkE8F5ZYggnqbtQc8eBygXPRWlAyzHs3ZfZpOmPMIhyB3haTlFY3+jRGtMjjJ8Trqd3T4RzKEQi+o5CMmbXxCHaEojA/CmBTdQq9G9JTjVMosSsDIPi5kphxjshxoYYEZKsk6QK+E1rOA5ZIvtJMkOKQS9PWmSJsgWUUREh9MH/HN0KJPHW4F1bWl5UFvwvyvvbBW4e8r0+MJ53ifJuuEX1zd7hACq7A2ybtSLY2Ju2kJ4Ba/1hPEnzovndbfD8I0S2Q9VBBOg62OCpNb6epqHZgU4iIgfS4ej0a0txBfWBfc3Un1nLyJiUT40j6D6WBknNYXsOyPVTh3zdaeR1yqsKZjdVgFJzIwlsSYkEmJwbju4RFOb9Jsx39YCU6i/i+0t6wWLXXF2ok3su23ShFj1zpXNbImN46pBqVg2/ydC5ddC+eidRrRrutdOpcOiVV57JzrJWHkhixWHaXbJ1Ld1CU7onX1Xfrwn3caRJ2Lg8o2WKxdM5izmUN0aALSuGWUrRzWXOId4Vz4526ncv6236DNO5cHkAydy4bpHS3R/IwErtzeRgJI4tlB0neuTz8ZJLFsrWE71y6Yvl4JH9Xr/qkgOeyCTjPttF5NvEXxOI9Reu6C3pPl8/SDjmbnPONlvF49cYs2WPXkvks1DrL0zKI7kshQv1rpATdslTSJ/X5KRf8KGmRre4lMyV2u3tOShzRFpJSqmqcWSlf00u/w3yUOPDGTJR1K9CnorRf3nUqyq3vh2LtamMoYlJMSqlsF4bAPOTMlJ56kI5CVCfhqYPQ1AUj0JcDeSCgYkhSepCwh4bH1IOE9SBhD25T9iBhjaUHCWusfhsgYcTN9EhhVH5NSGG2KHknGGHYYI8OZt7t0cGa0MFwp7R2pAEhjPQPPUpYjxLW1nSPEtajhOnO+KOE3TVIQBM6wMJLN9AGD6CoZQ8MoMtu+L2H4ABGi927ftWV3vWrd/3qXb9616/mz3rXr1LpXb9616/e9at3/epdvxpL7/rlO4iuS+EccvO0N002HBVmlSpPGhtqeFCXz7UuZ6vI+emFWFPxZ7qOn9W5lTXz0QYUszraQrs2dK+oaxW2lJjTTB8sl5EqIW8UlQrNmWzCqjUQeHi0Wv8aFlB+lW28dr01XBMiey8b4snapA1Y+uVZFiZ5rJTXTfvVl62q1qj9gCjLMKvQCvjV+m0VmYsuXbIpEA6Jr+zm+9P2CbuITOApgR/NbiXTqrQ2vsJci5MR64FCfXnTVUWKoASYHRVESd3FCpupA7yFayUo8lw7CaBjTKPuYiGVWgVZQ9KgNrzXyjPPozwPm4FSfJdOqmGL+dVqHiZkDiSZTj+DeRwzwB+qGWPg5MILpR4zK9myWDxZ7OwRoAmk0axgySbHR4+/aKLSHrJI6yzCWPNmKEbfSeRaNIoU/0sp6PQ2fJTLcdAzhoLqM7gPZs/C3CF0oE5Y5PEx7TucxPFVil6lKuF7mtGOXjYh4YfB5SqEhpeIigF17GKxmgXJbSxVHsHl5IDU9l0sVQ/SyWtStpEaFlW7sfiQ4kRr8vyGlxPFkEGQs2MaukkQCruO4UZFlhUJ39g60Segc5IcU9898XIlGSDgSTheIilJM5QLXeY33Blv1Xh4zV5+//ZMqUp0YtfgLVHWP1Nmc4+VbNT4tq+SM5G7d9r2rsnYW/vliiv33TkqftxcLPb5xe2A+JlpOpJk4yS+eZzvl2irGZkcJiynGus7HWNgEDCp6jgDgVMzCQgh+BHuIuX7AbL3aqnlb+MBZ7iexk4YTex0NQv28ygKRmS85GUy3UNoSnItuIhnuO3IkI1QeXCA6GaN54hhHjYDDN4RyXCJHcManqX2tcZs4Y3Zvp08ebNcIWL961nIaUNq6Fz7Pq1UAt/AtYBhCvqU4QvBAt+gjTIXXyQFI0EaXmAviTqiLFA/uYSBOo4QXhLnOcrrfR7Zuly8lTBDhTr1pfwWsFvHSzGWaQ8bcsxDxT9BJxY6VtekcdFJK+lqkFQKSMZEfCbs6vjOxKOLqQyC14igQUfCfYDQcHEVjT+yKFNm0S0CZ6a+2nHeGRdpCo2WOc82D35fl0wfQldwosdgB8XWvDUaOHvVSh7+9Wf+VMBz80JiElQxmutQgxCXYwZCbQ5FGpUueKQzDPxBLCKiiOvIQeESKAfQy2arTDdXVw81d2EBTPvMfU+ziMy6c+W5ar3gQBSLk2kWasdrxdUAa0JovCu+mIQWuq9Ph+rEJixe16j9gQ01HaszWVjk5sEhtmZMEhXtPBzOxW2JjLVh2riOVuvoC6OqBruEQT5DpUEl1kV5/wb5bTKuBSbSCvuGFWyiEbUdlcZfNkmF7Ue/WIMS+pSn9JKsgLxPwyXfD7Aoc7wF0mQcz0R6rqmYqOCAqLoyjmhwaN0tuEeiLEOOmtuvNST6GAzXsAsqQo88j48CnqnREGpg3TsuN7tPI8lJc+BYDx+j4Pr18VdD4IZgPaMhMxLDOBk+A7I51BzcaM7eeWTTFPG6uvKtIrGTXXJQJln1Nw1ysPe2ESnpbnbNMv0IMg1f8jZ5qL8ELrNwPocreUweKhlsFHaH6reY7yYpEigf7rTmC8VHFJii4nv16+ckhvVUXemT/0ZI+/XZNoqeN5UPjAYTVmUpmP2sE5B3a3or4byuMF7Lr+qrLxoGVe9JtbiCHdQyDnoH3egYqzwvKBn4IQqwyr1sLFqHajfrQciGweuIjNV1T1wCg/W4ZuKGDJVd/yEypLXfiEqgy0aW5I8tk6hSRF5m6WqRMyLflVh0hbApksSp9+hsTSjbWs2mQCWB9uAXpYeORPzh+K/U1nWTj4qbi3XZPSrjalRtWEaR0taxTBV5wVbxyLKbNBkisPwdl8hW/KPBmbQaltLitEotBmg60RzkKQulmMSi+MCq5EeKKc+tX8TfL3/jSMOq3vl+cZY+pxvnDVDyZQSNJMBlQZdh417Az28ZFvL7hf7zORkP3pj0NwO9jQfBa9TANNr/T7RgMYORhoEKQHkj1yLsKTudpb3XYivsQ8lh5BpKvtpj9joveK0diuMWPVHAA+6QF6cfYIOBS2c3VTYCvHJQlRei7lpJ/M36J3s3adEdJcw3co81TaaPd52/zasywhZ3onuwfWFZz/7V0QC2iaELi6+xC4uXk1iL0QtLl7W7E+MXFlotsaagtQENKjJW14cFjfwfv/rTptPnwxaZ0mUma/in0k0y0lHYFitVkwjzJmQc44swJ1D0tqn9htTuqEIaR5Q4urahWF9Xs9vg+DHryalbFfX2u08fRvXs4NeDUl/hN0oVNQ1aAVjpwkdnPySFAm9QQ/IiPRafc1XPQ5oi8axPA5dvkp/zvttQiqXLdsmUTU2ujLAkp5lwTev4dbOtunfNa3YPzEyudLStltkUPLHst4EGQlg5CygYRECJyclNTCnRSbc3IQm0YrQtRVmuZa7FYlTe5kYILctUO6WpmH3FjdJp+sVSUky4N6OP67DJAi1Jmj9YmZx/Gjz98Ln1zw8Hf3Glb/Yiim6LJZa1rZbOCW+xaGJpQ4IeBnvYnCtxEbxCfXG/0yRKmeI1lW3g3YWJ3JU1tUOy8geYcdxjntvcKT1tm/yqsDmNz5ngNj5uNI/y4wYTKZZWk0Nr9uU2H82u/pmO7nbzy2w3ljSbSko6h4L8zXynFsAbJtYWj31k9HbxSUNLvGkN+ywauMrfFWNsTWClftFxMOpNPjq5vfLTDE40IkfBAcpRs0HOIJlHNALAUWhVQpHlQ5f2ZvLjFzfpw3RJyoaOk176qmnK2/OyeE74HUwE+Sd0nIbCN02TwI4PMlDXPbH1Pcctl/bbG9Wdu99r7QHd/ux9OYi7POubbizlVaLbAf4mhc/hwwkx7VJhvmTFGcoOC6N9Rs6Cf2T8DUeQzvbmdyXqxY67uPxZNS5+tRgu02GL+Lk72mmaL29mpVC9j/3cwlsw+qiPxlze3MKtLNrp39CFLBiu/U1cfHEHN3HbTP/6r2AeoVOk67jLuGLXpP4u7961t1J/6Xa9dHdAH3+Ft223wMHKj6yGt8KIEegVLUDWL6sL7emiVlh0esHPv3w2HA4/M444T4vR46OPfyLsy+vjzz7GCbTzjILZlcXxuQa8+MyGQq6g+Foh2ZdRMkJdwcUqnqHbClaumr4+Gh3/cYRTbaOtqv3waSidUS4vTwPLDegzwYoIdOc5O30+EtDjUbmez1CtjU0Q8/I0aHyPa1a9EdRT9e9hqRNBwBP1QnXjGXWDnqBi5O91T7+NJWP4YrbKwll1ELyQV2m2fGW6MsTX+AkQjtUszCofwlOCXX1qAePIdFMlw4ILL7l/PUPcrEQ3UTj5Z5IYly0+0OpYgMklFKhu0EHw33mavA5R22hMT+orrBE241ypiXgNT7TCjTe8piT8+Po4nC2uQtaSM/CB2tgw1uTk9ekPT94Wfi5RsFI/azy48Z/ltwpmhnom1DpIhcPsvqCww/yVjoIlywf/ZsAdlNFfWw5NiKxypy1Ts7dIHzJtCYddAf9cknvhJSL5qrpzZXMTdy7aCuiiT2YTcjMs1YxGkCyi/A2rxKqP7TXlfpTAdcW9T5GXcTqfr4CQ3DJ4A/p0p1l+OEGApsM8vhyGGRDyZUTuL4cwyUMaCKUgQO+9P2gCV0NCK7piOqAdlgePrLgyM1Qym5L0Kijb25sXb89s6O5YZVOwTL1N64OzCdMTKTuZcn2OkskijRMxAs9iEo1WF/N4meu4Eli6crXPNM6HBHOUXzh1BFbueK3IdDjERfBarXqM/aaweiHpDUubW+EaKuFrwbhcOvLe0fW0MPxNW3y99WoBEBWDZHhqx8S/KAc43aUa3oJu/xqmtMUnLvzrKpk0ZQwv9lZe5e3/+sVL2JCMN/PsJLjgR4wsI05YTZymxCkp0J/iyGQc6P1HfwRj7DzFmDawZ4o1u7htYDEtE9eXx48bgCxaLa4txiYBRNjEs1BhKtD8Kh+1SBHjv2ujin6xcjk1bgIuDFr04lM4Rs8OscGer7LZOYoc51LtOaOIXeg4aqQYDTWeTms7QE52q4Tc6HDzAjuvA5PEg+o2XamLCONUdOPrqnnc4GBVMLCapDzShWYhwA+q2ct272G6JEZzETbtqdph0fv22PiHhznABfKBW5DjsR7JqqEC3oLv33zLv1P4wTSQO9f4lSmXMsxyP48Fl8oRXAX8HFZKsBihbhKdr2Lj4UykDfgnaG0af1In9ypNPw613wx+6rUCQKt2vwQgRWxlCaAete3ob0kipCgV+q49ygl/W3FIvkQLi42Y/cUXT1yvvsbWbc8euma4U6KU2D8efvXll0++HLBKJo+vo4PdS/5uTwQH1tHQHOTuKgW4brPZJpcSfB5cwgyJm25qsB7qFhGnNKAQ1TCb0CHE6Wuoev+c5I0IeErcGE9xjQ7xeJw3Lsf2b7AzBTQY6Y/2iNPdc35yjj0+VxsN+Wu6sDnkSu16dQXGhYxa/45koqFqfM2MQsKpGECwsTsnmhop6jfYEtXbKsVr6j1D/EtwGCExEGIIKUHDHD4PV9Ay5XbYwwdPF2Ge36TZ5P+3J57ZTb3ndA6j4JssvJyTb+3+3h9Go9HeAc0PpSuyEx/u7/1FnjqTHqk0EVHc7HnuQcY3Yzgdh15Ti7eSP2edSMVKJYhbQQAw2h8TZBRl48P1ZrhJpXtgl+SaitFr2fLoNDwKM7PhUlUwZwBjuUa4E3WTbd8NJCWTv/i3qDRUfR+IXKKqxG435p5ys5pUxYtPeLC04qxaStlDi58UM4iSdlMPUN0S8zr9gCpnV1HhPY4QevW8yVDgH6DiuONPHD0VhYh6wtmilLsy64AGnH2QKRMxaugrLi83NppFM4mPjShHmklJtUl8C9Tk7XhJGRNViAqOH3/Qnvh6yJyLz53BoKqZKTz1ikmQWdtaJIJaBSv+gNbpUc5zj/v1Kl6oa412rHsBuPxATJeqnnfoaTLA+xv/8+JTTIlYYDmfp1EOv9IvG88Pd21bsyPe5ixZkOuklSJNZkFJwHom4e3TBC8vHqp7R9gu7Vi94kCSNBmyN3ld/TJ78A978tZsSpohj3Z+wkrlWYiAwIJzQ9pONHbEY2crlDqSoedda+mBnO8Jg+2HEdvkkRoifn7TiNo9h+GcND5T69XE57U59Hb3120ZEt1C3zoSF3bBb2ldHb9jZvWpkIXwZ7wpaLf+ApspznK0/6JdC5hV+5nw1VY1jQ0tsAFcUfgUbywKHQyAfNP9RZm8i7f0QDJRI73XsAZ78K+9gSM00z6me6fJHt93lcOnL0cCndujZ3ujzhf7esZkLIXtg57ejt0DZB/Z8w2glJzbpX2rqA5oFblJl0q7Q1AlUC5gzTLyd8ibNuBP4eN8tUBxE95/w6beF8bOXfMVy51vVUcE/00yjUyiROk73HDyjUtST2uGBQOBl8mjG5JwbUxdvd2Wyy4whYs9qYMVdhpisPTwwq4ae3jhho97eOEeXriHF64pPbxwDy/cwwsTHe3hhYPfH7wwMBGTWW3QS2F7qtcKjnqKimim9T/UW1rkqOkoJV4y36zL4pYbtTLTsZsTcwzE6Erva9eTVPmEPRyP0ZdU+cOyoj+LLvEIZCphlJcpt40TFmjE1yls3Y3vlUJlBc8qeZIzNBSIiMpsUJ06zdDyTPFgRSRrJiC2OQLR2NAMh9wA3AFNH7mQC4bB6WWS1qL98WNsY11C7PKZafSYkcTttuNMee48iE2zc8N2WEnyhvwP2K1e47Peb/C6tQ9A49qzlYn4vup2wpOxkdmiyZ/YMS7ziVo98m9nO4o8aIEaw4Lz4okh4XJa8YY18VL+XjkWF0uRVOPK1rh8XfmPzJ35cXsja9c7m1VtfMWxTdtVz5zj+y2npd+YUSvUVjhd8sgEEeC1I37NTtrsR32Pj5RuwUF7fbx72nx73MxNg1/P0CY6XVkXA/dRd95ctoMuOB8NfffH97gvBNGSwvC3gCRaHdKGiKLP43yM+msECXXhb/bolj26ZY9u2aNb9uiWPbollx7dske3rCs9umWPbll8yXcie3TLNee5R7e0a3hw6JY9nseW8TziRTiZoIfeeBbGc/hgEc5bsTzqX1oLyOP09Qm3/wzbpwcGx6P4sALjUeo7L5/G6ig+/UxDdbxS8RGo6tgAreOVpfRcpOlM/OBSii9H92ZunYRQ2UcWVAfO6Ag/exNNR5ZSiFflNdb3yvxaIVylvhCGwnb6gstS7cvfza9tfWlDMcFFLS74Q8QwKW69BgiT4hbrEUwKpUcw6RFMflMIJkWS4AteInS1RWMvbzUAVRBJpyVneyic5tPXiqjX8FRGUCUiWqeIdut1YVX+Rlf9Brp4IFpUR9FOqkinPgYMy6eH3IjMdzot1EhGKBWKzKoj/U8+kCocR4UK46ZFdSv1o6mVbyji8jZIRYUQZ5MhOm3cstJiUOiDkhVcoQSNwkaVyNROr6ItpBAVoa5x7tbpR7PHQpXbKZl7t9iPZrFrGFgcif1zrSVtSyEaTdEDcky9KE23wAGlFN2U3AhRaKc45sUGoqN4RjYXAgMgtKRmcbWKblztqru7WFw7kGzPT4O9eg2LHyGyGXUZZaPxuphzNZpOMQkfXFy3ekuwdnuyonm6CMcfb8JswnnbgdsSr8G4SWpXke4cX6MCEkUrnWsGjk46abW1QYN5CkpoGzY6L4WzeQpUDwGewpjcY7O0WTdZc4+bA4JXOWV8xZSA0WKZH6Jt8zqObg4RWhQO8RA7OJSo70OS/Q7/QP/pfv63Flq1TtRMvprPwyzOI0cMT42capc+XsZVYx8v0/BxHy/Tx8v08TI1pY+X6eNl+niZPl5Gv/S7ipfZ1Jg1xVPCP7mtWb3R47dl9EC3397m0ds8eptHb/PQ5e5tHmLqf1Wr2Cvhtes364KJlCrE3jcX0SxNLuuBaKo8hht/2clWOBiK3qjTG3V6o05bP3qjTm/UqZbeqNMbdYLeqNMbdXqjTm/U6Y06XHqjDpbeqFMtvVHHt1+9Uac36ljloRl17g+8o8jm3jN2RxeIjnLHGzaJB25Hj7nRY270mBs95kaPudFjbnDpMTd6zI260mNu9JgbxZd8J7LH3FhznnvMDbuGHnMj4Ld++5gb0T3ibdBvNVAbzSgbUSPCxmdbB9c4KbjBlN02i04y4htZ+K3NX7Pqx2oZx+P78l/t3Ic781ut9uOh4XS0uav2nqqF0nuq9p6qv01P1Y5OVX4eVapZ46HpdDV98nX16ZqupuR91e75pV5r8PtiZ33anIZi3oR1jK54hCEF7Z2+eqevmnI3Tl+XsAtvwhpfgMJekbe0F2u0xDHpn2WzqJ8tDqtmZEK57+pkb82JXJTO9tmuGZ3l7dkwzN59vLb07uMN/fh9uY/j+QD2/lPbeaWX1LTIv4QMNbIOzSaLJqf1Oio21FxA6ec6D/eh9G2rGp2GwNO1Qk17FcDvRQWwpajVXgPQawB6DcDu16rXAPQagF4D0GsAeg2AftprAHoNQK8B6DUAvQag3qfjzrw4gHjBGibQFfLbiBPs8nAcDpHeAY+E7Gx+my+j+SH/jdcgXH/4Iddwh34gElk2iRaz9HZO0kWjJwgLfkYwhRODHh+3T4Mfowudm/iG/1ZbheUNzm9qtg+NeVw43twfmhGpYihvlV4i347CPFovLEgtcCgyquqD7vibCDmOHyynEN6F18fWn0oXIJ4v23F6eckT/VxPND0zzi+V5xUnmOpS8SpcpdnylenQMJgzUTJOMpUvP9u6s0yl+8qnM18hrkwevB2HM+jQ94tD+et5epMcvlkl6O17iPnuo8lh0WXSVjexQ/niKsxL2i7rl1YtExzUWZCs5hcYyTqFmzoZwrCAcyJ2RAdZLsPsMsJfLm6Zoalfu7oOgpA+i8dhUSf4pvhjlcy29BPDJ2631D2o6U19H+HJuh30nshJuYsBs41X4XVUEKjhUC9Qi0SsU+NwRC9RO6Dv+dm6Q1oloYp23MrMW/XVd9c8b+zyBDVASG/sW6/gw8ToUutoMAvMcvUw16s1qxSJ9ZtWVc+tPp9ZoigHD2bRPEVsGuCExdOb5aRPqO6aRWFuKwF7bWmvLe21pb8lbWmFzvwawf3W1LvAd3TnvsWg9kmbArhWl1GqQo1PAtSsyyyXF5BuC9AfENmb2a1WxQglF6JV0xYRa2irTqPwnNWqRNCOgn1VlyLydgSWvlMxIDFFHArodl2oAtFcaO+g8syK06uJYXAF3i0QrqBGkC9KzvSSCpGLchNOOSlch/xekxB9AbJuFJZDPCgeD+Tl5zAyYIGjDda+oSq9B8JPtAco6hhuV3sHhPZIYMnm4cdI1wcLNiVi1LAo1mKyznlKnPuIwuWseo0My/sA/x0npOWuH82YYJKpssBmKAioxA5lJS02xhoWxv/i0zgCRqRu60p4o9qO+Sqboryj1G+TssgyCl6ly4jXXU8Lfl2no5KIvhwmmg7SZJUVIr7D+m1TODNfHR3VaGPW3+dKCFlnX6lvNbHURERRb8UNF8dwXEcYiOGja5xuVKSzaTABuRYl0zi/gqlb3kSRhYvzzyhLackLWtTtTs51jDzef8SoL7r9NoaLfb2JqtZTnbQUoXJ4wt5GPFMZBrwnCij8JsBTgnafu53AoG311p/hHDj3MczJOrOqvjVwD3Abm1+nFhbSKHjxiWeiMMM3V4hXpUW2etsWV2gJcoo4EAYIfUemulrRtW4yT5es1YcpG1/ZspGWZCmYGtV0XS0eVOWLT8jOFpRWjqktf8JbCHVNuCdLcyq63Xkdr6zKGdlFzHsUWX3y6nmThcEf6sQR037i6KkIB+oJ0Wod+M7yEEhQwcfodsA3SCKghvJyY6MgdsqtH+HX9HG9fKWKD1IK1OQdwoutFnY//qCZED3kcAEnvsE0qkodv2o99UK3kFnbGqaFWgULyYLW6VHOc4/79SpeEH1kdLFpywJw+SGcxRNdPe/Q02SAdzn+h2gFcxPP0yiHX+mXjeeHu7at2RHcgpjA4igIl9h3SwbOBV0yMjOJFtcEQ7t5qO4dYYMjYPXKFokqPOU+UK1fZg/+YU/emk1JM3S38RNWsMyIKxMGKlTWhYr9q1jmUXYZodZ/fOVaSydBkv76LHd7gDSXptjmWoueKu0x6HBOGp+p9Wp4oTU0vHvkd8uQ6Bb61jJNlYttYGijoa2r43fMrD7xFTIPF3jEfsabgnbrL7CZ4gyO2QkZUEBUtZ+JzGBV09gQGeJxReFTkbTQ+WbG9xe0Wb6lB8K7IL3XLkN78K898iJoaMg+pnunyR7fd5XDpy9HAmvco2d7o84Xuwfq3BZM3NqwuA4HKd8apZMl3skjWAoELiRmnMgO8M/CSmrGEeXMOoEvuiEGsSsXh1w+mb9QN7iJ80qhIo0Fyz+K6hEXexpfwkbOwjns5Nd80fLSx9OGiivKuLcyXWeosf9z8MZuuH53tLNC8/DT21XmAhsLk9vvaryRVBl6QisN/ei5/+Wsel7WsBhZz5iJiBtloEvU9U9WqNQIL1I2crl5BZKxq5W6LrcfSDkuDSLjcJGns9VSy6H70aenwZcHAel+YIHGaMe4RB2oR1f0qKiW46N/PXB1hS517IkoRo4QPOxl+Mkyb+EEHrnqOCl1n2qcjVcz7TRmDwLksyxdJRPe/q56W9UVqrxgbJynCq6PZXDkReHLJ0f/OhAr1Y0leJr1Bmpf72bEBR20DICvQQQsHeF8GWZLuBLIfK65/yVaKR2VFxUPpAaAXuolnKS0LhHpyoJjGIql2HHufSVyf4def+nM2hZkur1AHcRHkKHR4606MY6q9ZThxExXGXq3DYIoyZUeDUdess3qtjP2HnBUD1+j09xS4kuUam6lqSe8QC6upcnwOHeFCw3I0TDNhkxtLOts3Vzah+FXSQdLh7kDNbSt6pXl2A2J67C9/Ujc+uRp0oJM1kQ89b3jJJsFK8zm5K2oufQmbzhGrOeP9cfJh/Y5ameqKGSoQNqQbyWD0WCjnmsKNE3Fsx4WMGeHJaRQVcJviJVLaCwQ8LpTYlnGloy3HDc5vkt3G6gZek0sm6Z/y9SsRaZsRq7zIzfKq9hSvQbPNOAoq2rhj3y1QCRwMixr3r+hyr0CF7vXNB9ylnBKPdjedSMRlGq4RczRvlD860WkSK5NYLWxdb28bPUm/9ruNMvWUoe6Eyj9QJhNZPCPcv1GhwCSbbpBqObXlF0qnr61L3XQaWDZ8u1s9VG0iKsEKl/RnExItcCuNKifQMMV/CgWVcuNBpkiwlV2kWKEE74N0H2avJaWaTqju4dqJd4zi2BYsDpWhgC9A1DzcEtUGzrsaOYfqyi7ZboINRokVlIeU14zukUIfJ4AuiV+yHUBlrZZfZgS5t4YXq7iCWwlM6mNtbaq14JAkJOjeq8VVfzX2q5PFjtd8N4Tr/pBQL4MF7diOkDHpwGukfoUlh1O1D8amVUs5C7z3atv/09w+g3VQ+2xguoqzIVZgTUQR/PGOBksp+JPp/Vb2MGBccuBLbPKEnYusPyvFHWDReZ4O/ddm5gKF2Ges3tCLIYhriyc5Sk7p8wv0IVRnQKeDrhTpjB/bmYt0iNWwXShED5s+BrtEQLaDfJ/HshDM3su9TkhITO0OZzehBwo1TrOyN1IeTBxT7XuWDt0aA2gSxblwaaJtT8K3puty2cim5TWUW2tCc8/KdbygdVAkyuFKq++O5NtAMvxxdHXIMIgfDfwdoMglq0QxRQFJa89PjoOnokjEwgAXx4d8Wq+ccGsYmFXQEQMQMRxCxVb7wMaw5iIjjDlU+TmlR6YXTyAU1wucRvrdDu0a13Ek+kYEsjbYF+dWuBlwulSIKzFc4e9kHSDb/CL4Qm9dQVTEmUHzgU7ISvhRKn+dLBUq3eAKju+kuH0zBfpMkrGt65hVLyIbfIDTHsypoMWstfoZUqccVryMA4LjsXNg/a4kmcOqwaWe+YCZlUDh9gQEajXsmkXhfOcyUeaXYboWEzvqfCWf7royD4Fk/ANTfbpA30Ng6R0K14RynSdc0wD+RlxJg3tK+YSeLh2Cgja6u0+c5lxvC725kBFLP7LRsRGWUmFACEh472rAnVGwakJ8GTuh7FPKNBRnLKBFs2WQGQu62wYquTp3IS7skM0uySF6t4lCwm5PNu03XjAhwtkmzOU5+ujHk0JgTRQIgKkcyNNiOBjTJGJ1CkBMjDhkH8D/mIIhOxHMm0IUoxTfa2i9Vx7pdVp2y5dN5ZJuJBLGPuviMKZQLstbWyqrBBswb/IBo9Amq07AKPgRCEWmFoaxXssRZMrNrQnuA97pgpGXTAPRGQFSpgmuEVLAR+ubfEqZYWNUDzRRBlujHRPQB4n7NJiRjE0PJqOM+FVnzZa8bEsyUqsmlOssSSVcO1fmdgweP7q7U/fnvz1xbf3djb0LPyqDkV6A/TvjQomd9zo/kejVKX2/BJfPbXKk2jBxFG5I0rsEYEPfPutfk/YRPocLTNOy0uEwU+zaMkSmAmAUFvqEuR21GGP8W5GZ8iRFgDkzRhvDYx0po6F1k3uEm6WeGehL0SC7G8sOmjqMzUt4Tcp/27VabLFWe7lvCdEfY2qyhapLaNjLlt7jvuWJEaMP6OxSJYvqd55ou50f7a6MHVxNPuusO2Md0iUIM9AJxndf7H30GHYI8FtulIphG5J1XDTYnoL9B49UW+rbVMCwCB52dDFUDtu4JZPloPASQ7JhqhirpnSqgSqmcg6VuW0Qq4d4uPOiaUp7rBaioiCr09VlKEvhpAqng5qMB+zdPyRVvg5Hu+uXWzZOliQDFBKnpNXz1GsJF08Nqh1IHsYRXJJpi/ViT2YfJCIQJTIODteazOmWnNihWKZeD0QaYaSp4k0jyvYojMiHa31GyAb8kCkI9m2Cqg1iLzwjQqyr9DSodBSmI7DP5gpGk5kjlobR+b4Clh0YseL9JmS+8AhCJktIEqpaRLSoAhP9Vi4L9N4oBpvH7ptY5y6kvyacpYybTaZvFC7ApwAkL1okiMPhgu6h0bTeZzbB4OW3u1kioUQcW5i4Im+ePw42P8+kWgi0hq/gN2wvD2wIo5Zweh32OrDuIrF3BWdTpk+QhJfrHYiXX46NljdSK2TYN9Y2xpZMxBQw5g8KIeNNupL+O4tPrZavGmwWyfApevcdQGeM2X7qGwOUDZTvGcK5IFtT9T3p88fxDzB0LY0TW2u4ViGFk/ifK0Wtsp+oUWVM8Q1a9VmOlVmWLp4BJcrb3ZTb2m8Gq6uit8ms+PZVYpLrRGzg9wvIpC/4jRTv4u5/p5M39jVIfAAQ0duuXbOFy6NJfpYNKDv+c9iobIaUMEwABY2nAVsupaYdXgYLnLys3KdKpWkPNW6QjaGicvO//t//z+5aXtBPt8RJmGO8xowQv+5wcIN1qIprjdHhUpr58nMosL5GurMq0q120aCCIEnnRHqqKVdVamZVZSAxStrO3NtNLddWKGM/B6QTB2chW4C1Mvb4K9qAKPn6DuCVDRducgGdzki9pFTtPvyPr6iXRfhbnviXYcrUzY5IQx165/H5UnSHXU6E31FGCziaBwVUG+UTVZ+RFKTKaWk8LReA8FikHIoMjpk23nwv99+9+rwb6kSYMaEEEDYIXPSCihkMaG4b/HJCBjmeBrly5HUBmvx7vGH9rlngE3JijrQMq0Ck7H2Pk2Irt0YaBapUqPd0HCWaIVPZTgr1Ml9bOUIsewRtL7p/s94G/+yF+zfkEJjD/+5x13SYoINaWK6xl6HWXx5GbkdYFUh+Bu8NsiRNkZgL6u6REw2xuZf7irMNPSzODcezQI7En0KHmtNIMzkgXhs5LdQF+FYjlHrnbAhG0ZNbudkwLqJZrMh2xUmAaPterSplpSt/Qik6gR1qpkr/8PqI0etc07Xk6UekDTVaRZ9JKp1ZnE9qequ0a7t0nHSWsx4qqw3c6xVfRDTR+akw23OnmKg1uMFvObwbZlZU7B0QOOY7S3ph8jkMuErKkycaeRV2fF5xzUir+zx7VBYMRI1CCooZ9+eti52WBQPfcE6C7GWzmA3VMBDbdBhxjyl8XXl8SBo9hvXb3RaDfIh1xYpXBAj5OAzw/mNZ+lqMkQ/DyWrBNxQC1YEsbhJPBvYgqFxypsjFyq2qdcRx+4Q3+k0BmKxDYJvYWnx+KYBCjZvo3EWEUyvu2ueyzopVLnt2Tc112Hm5fSUuUsyudQtkizErtbBVafXFHqcCifIoJ6uzcAGnfZ5giF0grg4wQeLQ3XOB+KuAXV/nuKUb0O5U6hQzYX8GEz4VxslqRS+Aqvu9DYxUEsh4+Vwbd/YreZ2jIO4OMsCtTL5HlMGND8LdWiFU+fjP22VSpXOR9yJSsqfMQHU++h5UvKbZy+NpNSM1hxtqv7y1ZpsR2PiSSk9NSXdiORdakjuXzvyEDQj96QVuQeNyF1rQzbShHgewnYNSLfzt47m44FoPTxnrF3b0W3G1tFy3I+Go8MEeWg2us/SWhqNe9FmeNuOO2gxus3XrrUXD1xz4bkArRqLbpO+hqbiXrQU25LD1tNMJOkkep7BrSvhfVuJYyjVqdOfEapDOE9XjOxGsXsa86EMhZ2jXyvyPxOsiq9drLkt2lSCFYRpQjiQQTCPwsTg5CDPAxWpgC6qX0JbsbcaCWeGYMUc0OyMbPju7MXT4FXNoHUcLrthnuPyjJczbjEYDpf86vkmApaSSk6fb2PpTG1q0VR4jrhvmEOlZFId3Stxt+1iUiHfZwkPWH2NDSH4fUTsm1kzYajHKdCjfJGytkP5wLc4j5Rajq34MOj7VXyJwbIzJIuE376aRxyEZ2WqGilYGELGG4c57TAlL2PwFgGouByxyeXUqhKHqecseIbuhsPVIpill3BhiMRuKuaMp1mUW8AWKU0Ne5sSx+d0DDBYKksz23wLmQjeywiFlkuk7pSQIA/+rkkLtzYKfqwZSD1oBBcKi4MxQfeG6XS4zCJruQlxX49yUIqfttfJmgsKEnBJ2ujaqvj+0DSGRFttYxVCYsC7ThJOHqme8ORCLxBkIS74VP8pR2meA7Zd/eCA54TkPly+GJH2kUBgOIW1bJSwRs+6WSmEZs7wyGUfJfKP3YE9d7rG9GcwCtpRcNsLAjCHC+J2r54DPPuozyDhszD1Ck3FqZpjT+tpSFJT3cZXe6KdaHiQwus2zs2fDl7XZD1SLmvWSZDX/AkOXkRLCW6x4tkV/kTVTclx87TOiNsbcmhaa3hu6Wkb3qgo4mrfWw8NtSmZZlOvhjpyuvSzAgYq/NyUpof8/lyJejhdn1yO6YWgq2yeq6eS92wdVNdKJUXWywBq1WRt2+f8eUSIFT5WKXVONctM4Epet81sCWqm/6Zjq1vmp/qBzmNshWer9WOqWDO82lwtzoF99UWngVGuxrZkO/iODQVP/DJDfMlD8vBryrNnl32dYXIQWCkmB4HkmBwEnGQSw8kCSTRZA/TnID6F7IktIyu827RZGxI71gxut3twmwljymPcJDekKftQdZwpYAvDVSvKWLOQDyOBCcU2hrXJTC4Ic4bfYnQO7jLp0a/TGK1gcC5Ro9wQGgZTx0AN4qMr1SiuyA6vlKqlJ4SqNSR8aFEq193GWmuA2MXQ2WL/8074Gn+g/wz1x13OXU3uzHWWpqaapk3rl/3TnRJG5e5xwj4St4kccL7ERdPiQD0CwLKIZ64EgOOjo3+1Lr5xuAC+lFMsRLcE68F4SXU7qIwjSOgFTDBpg6LMdAvctaneSsFT20XyCsDBUN80OlgjMOH657SU/nWtPVGsYrdEzCPV7famp1sSdQrm5F9UFnXrJzuNutRF0pKZcTrdb+VwFzPfVphXHKeacPUqDr2UO1nxrOVXaxMtC3uLOd47p64WtwypyU7dS7a8ClfOGXeLX7WmnhYAaubO8piC7hXGTR13Xe2Nhk5U32GdMO75otCvk8tiAmGNqNsn7O4TdvcJux9Ywm4WqfqE3c7RYekTdvcJu/uE3X3C7j5hd5+wu0/Y3Sfs/t0k7KZW60hVn8u7z+WtSp/Lu8/l3efyLpc+l3ex9Lm8+1zefS7vymt9Lu8+l3efy7vLwz6Xd5/LOxBP3dcpCCsOjsj/yrTrKyj5F/yTncusavCADaDhybXXOFfJSVIwv6dk8mzJNBtPzHmLgr03cAjT+SDYexXdRPkSTuXed7MJ/uWo5kdsMklNsAZmqcRUTAPZyRzL8dwes1GwYt7SmJOjNbYRgWTqyg/M3Xa8wMNxvMCjbHzB45Lt07336d7jPt17n+5dlT7de1PPHy4d7NO99+nem0qf7r2u9OneS51fN917w5vd0rM3M8rD4ucN73yXMJfumJM+93uf+/3es772ud8fbu73PmFwofyuEwb3GUr6DCV9hpJfa4YSCxu3z1XS5yrpc5X0uUr6XCXtY+hzlVRLn6ukUPpcJZXS5yp5YIifWPpcJb/uXCV93oz60ufNqBtqnzejz5vR583w61OfN6NQHoKU3ufN6PNmmNLnzejzZvR5M/q8GX3ejD5vRsNXfd6MPm9GbW193ow+b0afN6PPm9HnzejzZvR5M/q8GfecN0MDjLXNi3lRH16VYUK8Q81i1YYWV3vdiEBRxJXWEGiq3VAl5jCgpNq4gfpcp0KafdPYqa3RmtOmcJ7BIp5lIYhpCkF6U2Sfao0G8QY2jLD0kQUIt9Rvq6sTLz05R4SsQNdtM51jnZ52B9dxRasE6OOMPMFNa+g4eYkAbgSFEhIbjgwN4VYP+BZe5QUIOKywmcjCW7hWTMGldjI3jFEIxCPU1HO12THWhFj9hvda6TjIkXnYHFXtu3RSDdtKrlZz2J545JkKqGcMq0jxbOxsKckgaLb0SrYslnD2FFcgmDHrjp3BATcdukAMKsgF/pdCSdabh3C+cBPrcSL/3QgKaw/a+F7TbsGhj69ShASB3UXcJDSG+7DI19rQm8HlKoSGl+g7SijNnlOsIA43muYcuL0sXjYCO/hOtKpH8S9EBDXC3RimNy84qL/hpRinqOzK2R5Bvrl23gkS1K3QwsbWiSJQLBIvrKL7MfK62CIx0iA+wuFNMxQdZw7dGq7qWzUenu+X3789U4w0GRWIGL0lWvbnbzCDwvorUMN5NMy/0E5jsuHtO1AY3WcZ4lNTdwYq9dHa/WoO8/PfFSrUz5Bp+1yRyQiPYzoS89kIpKRDj3P3ElU1I13riNqxsDy0ghJXPEvzXF+5ItCcKDZoQNlPLqIxwn9aQUyGm2jshImOma5mwX4OUu2I9FSCVmqqOGAHjvAinuGWIsASdHCHw0H3VDxfpBns3kY9Zctiufj9YdAYaMFB5HWsXTvfXoc51ac461Oc9SnO2rID9SnO+hRnfYqzEsxbn+KsT3HWpzizXn3AKc6aCICON+6Qg6lmsrhPzwvwPossTklKBQJR6OYucmH1ScX6pGIPIKnYrzGP34PLflg12cFU5ek4pq1LhslOtErtVP6XVFno2Q+F3yozprLCXcA4OSRhnaRwm+aBU5X2mdv6zG195rY+c1vwsDK3hZ9U1NZXT6pP183rxjMD3YZnbzdAK6+tiOFFcjYUqrOU0CuY6QDpEDt7kOGALzeTBafW2QOTXT2FPT7NQvVa8D8MSskzQkiRNDgEja4UJImlqCn6yzU35zYoN6PY+U2ZXUfhdtA/Crw7XlxK92smMVI2j4aqVWRkCy4YBlMCPZHoj0EQC6QeiIeUzQk7cf7zz8CEaBjIEc3lL78M8eeMkLbhX+eOFiztNSI+4+dCcBmfN4c9jbskC8ewKXLTC8xklJGxqxnL5ss/WZ+SUcvhiYWufOiyDB1JDLsTBjKMfDWdxp8ouRAdp+DLplHxcVPn2zDrPCzy47Twhx9/+ZXVSVd2Il2TnB2KgSSATr6fshgZ5Dw4V5IrrcZ5UwqT8/K6ndMMncu6NS7aGeVd4MbKbWl8uyqdK8ZKNm16lHcQkN52OcFcfuS80KRHqu1XZXDNXTMwpg1VC1neYu9kjhkB/yJfxsuV3nKy4SgRcoLOtfFYNk/TUiqP7Ov0JprBGbE3KWsjddO2k6gKzmqmFJp/V8RAOTEPOGwwlFSGRBXiWf3grfsJNnv9K22Bx+viid53dlL0dpdkla5EpTotqUpbqRweFFUX1YlRxu4gfym2Q/2N+5ylfc7S31XO0trDVEr4rp2RTPp6miD45TKV6IpiKniGuPu0tDQEo+A1pYPHgA1b0LpaXZAzhxWYBGJVfmi5gR/GeQ6i3+Hx8Rd/POI0kbhZFNbfFs/qNo3CjuSqNV9vLxmomzzWMeafq1h0SwlmOfLP8SQrNFc44uofBlyYjHlRQ2TYEGuPEfE5tKHTjeA5IIZetdJch3UbqD0pbIyF+F7UdP1PXe0OG/lfelKkEfnXVhuRQ7VvxqOaOUC26RJ++BhFDFDPChutVIE6Xz6vXXZyq72Jc45VquM/WLSU/WPb2bNVQhIqer/VjUecaht2xefBSf1eIGIvjAKzhKpaqa3u7HwefJewF2ExZaydDKrawxv6K8upWkXPEkT+TBraOaMMbhjSxVs+olNH4RlZNIuuMXBDKVSNeFJ/qFRwWK0U7TU9DKotQzLM1DxMwksTa+cMOIN2nLPGvBywe0seJUxZ8si6Zf1aCazeIUuddaugzwa97WzQv6o7/+iLP3692zsfT+pqeTKFltfaHdb3vIA8d5h/Tth51KXwWzZofZRhp2uZx3C6FLJqEFGIsUMIFYWeQpEGdgImBAQQw0ZNnR5hLFZumFNe0P9z8vJbw1aqVCq6T7Lsb7559uTJk69lEWp3t0FPJlJszxmbT1EOe4nK9ODrQfD46PGTAQYZfR2E8+D7s2c1VSIF3cMXh0fwf1+fHX399OgI/u8/95p3R3OghUPM7lOe28HcfcpzZ1f7lOflGelTnvcpz/uU533K82rpU573Kc8rpU95Xv/tQ0t5HnGwZSOahmfCc1ON0gqofHEyNnJ0lZcwB2NyFYWz5ZVxfG2oGXfNFcrc1sc6Yl4rTNLxeJXZ6vNZDHzy7XimTaQw31EyQdWOxZWvmyF9Hn46Tb6ZxZdXDhitB5z5VXUe5XBy7EX5M8U0nAlhB0/5qbWqeqavgMFDfJulcT9BQaxWG6HKG2t30DnnSnKF92Rl+RQPzYiz+apwOqW5QVIUz5y4vjOE/bEFr/1VviKtl/B1apcoSd5spgOkMqgYCyVnKB1ECUZ2DlB57ogjyCzYR9BS3HBCU+2ZPBjU7H4icOHsJrx1sc7iFk8eizIM0rZx0lPrWCBgXaDaYLrgqPaltSOUboDTyKIS5JOVyLyYlnft7LSPVXZaO7+rsfkx5JFJ6vyYsqC6mB/LM07pUp0jFmeAHPO+2rQrzhkLjhcf87ca1JQLzP/Lkrdqow4mRRUKUWel6HgZX9tjxayZpN515ULdTS7XzM6LuhHFtyvSeAvF5Oec0yugWD3gXF7LASQSEDetZ0W/pTzuzjDm+88+iWHbCTjvsNcprKJDAvanqXZ9BX+3Bf+kYJ+sPf+8YEYX8L1bA/DGVfLxweMt2YtbsmvHEzssfu8NeeIMgr1X0U2UL4EL2/sOKCT85ajmR2wySQ2uYr4ioX4ykIPGsIvP7TEbT1Q8y/ANjrixjebMvViGAXfb8QIPx/ECj7LxBY8rdS4Ju3+VF7xONW67c7QkdUeX+skKjTnhRcoBO271AZHbaqW7yf/u0ZVu+d+bsrRboTqtudrXzyG/WvjmgD/ePAd8MdO5dyb11cInzbskcxeA/WKGdEflRYMbmb/sPPCT1HYxPX5SyIPu3PtKC0+55dOZtS2MheVjPCM0herEOKrWU4YToxPMq6zxMvKmWEmJS3ZUH1p4tE1J4YkbKk3GrpLCEx2xDsOvkg6WDnMHamhHCFaWYzckrsP29iNx65OniQNICEsT8dT3jpNsFtw8NydvRYu9N3kjmQnq+WP9cfKhfY7amSoKGSqQNoIpQO/UwUY91xSIXVSYvxQmESlUlfAbYuUUpWwCXndKLNdbEpWJZLmk1iZqxsiTDdN/t2JRM/aVZ6yL4F5Z1tjgRJbF4scLsgtdet8lz534vmcWww2z5iH8NPPWw+LnDe+oHjmmsbsXe3M8UWF+rZAh/PUiUiTbJtCl1Fid7da1kXm13WlW10sdGikHkejCbCKDR/lehTU3Sbm7jVZUza8pHltOoY5rv4OZBMuWb3fbcZUNk6tEAxRPyFrBAqyV9UwFRJloV2SqCL3SRcoZTDv6JMHFy5S02ynXKg58HJpjAcrpHcBQNnj8ocOOZgjYiOkq1Gg5GKHahADR6Baap5N4SlioLdFvWErbrBXwyJrUFtnZGQU1c1jXsNzz1plVDW1iy4Zdk1u+FUWOMGetYJpdhonyo0a3sMs0a3IT5rKfj2GUvKzkJ3Gg1w6u51vxztH4UqwwJg2jbVCZRTXQU9acUu2Ee7zVLTFzmRO97beNL1Rjn1XxW087OFohs2qAAVsvfBGB/BenWSmrxT0RaOwqpdZpBGv0odMa130bOkwDSR9zjsVCasVZOiZ8aiSw4lAMD8NFTtKEa2OSzZjoJeuDMcOipQf9f//v/yc3bS/I2BmhU2SczzdNwMgNOnNRdpujQqW181QF9h/m5aRQLQ0wZk6Kk6ZmLBS4cfaaFfO4lUNKZRhojiRWhT2YCXn30HglLY1fp443Hz0vZr6VGM3WzqPYEXGWRyc8p138lpP675lTE8t28mrSqPxTQ3vm16z0zytB9F3m2cRy/7k2sTyEfJtY7innJhZCVbnbvJtY7jr3JpaN8m/SXPkf1vY8nFi6n9N18nFieSA5ObF0mMX23JxYus/iOjk6sdxPnk4sHSfNI18nlvVmbq28nVjuJXcnlg6z1ymHJ5buc7jrXJ5YHng+TywdFqU1ryeW7guxRn5PLPeS4xOL94x55frEsk6+TyyTAge/TSGoWHMdLFhOTwMBVU4z0eUa+YgUqNxm23Kiu1Y8K7iMKdY0i+bImYoD9OuI7VeNeZRMKYC6VFHHCq8acJcjjwXdPMOrE5tNlQ0x2pyWbkJvc8bpuDHb9FttsDhYPGYNoT2Axj1PcbG3oewoVKhmTH4MJvyrHS5XMjrAfnPq2EzMXciBU1zbN3arua2ZFk/YIsaU1+w3IRLRa1ua/kr2v20sQaVSpU8RcKeSYmUMM5POfXQoKeXi5RSiSakZj/yTfroIXz3EdnQQnleKp+6hG6m/S53D/esbHoKu4Z70DPegY7hr/cJGugXPQ9iuU+h2/tbRJTwQPYLnjLXrD7rN2Dp6g/vRGXSYIA9dQfdZWktHcC/6Ac+Z6qQX6DZfu9YHPHBdgOcCtOoAuk36GrL/vcj925L81pP1MWiEvLYkf0K6csQl+i9ATbU6uAXDBVFK1AyHjdeI+NfzxdIKY9HQnNq/UOR4R/Nw7WPkr8bQUZI/navsI6ea4gYIpOjEpKKALXPEXUHPnFv9EjEcU0TCilwJQUse+EcKAXOjpPU0mxmwRtteIavOYhKocJ6uOP5QsjXL1JeXK8dIRWRSJ1gV80aU2NLRsu2YqAOFjgaU9964wyNjiqsuLjRUv/hhYW+1wzsF3bHfkavRV9+dvXhK+6g86Ek8ZerAbs3neIbGyxm3GAwJLAhePd90AX/AZExwKJawF7e8jjVVb7icN2G8lNx85Kh7TS24CBmjgU2oDwaX1WOVpWq90FLDmivtsRhKjj99vo35N7WpKZeAPOVMZK4hpRFSQNIqrK9dsVBM6FyEZVJfY0OIAxiRwGMOkIigRXR/Ev2IGjpdmUot2wDa0Per+BKzVs+QkSCAXgTsJh80C8ZtpFzxNeAhCWairWqBDeRCvpdWlThMPWfBMwQ8Hq4WcKdcAosl+jILaBH4HxDXotxyBk5NsOSUZCSnc4rxX1+a2Wa+bUySOoYyIIBZFl0iP0Qo07kN+0itjYIfawZS72jLhWLCYUzQvWE6HS6zyFpuOpp6lKI5qF0nay7olLp0U+hEqiTl0DSGbI7axgp1ywRMnSSEI6qf8ORCL9AxNVYBIwRA9acc9V/klepackH8SEhTgssXS272CeavtpaNcvHoWTcrhQhZWVS57X13ugZtZgdeicVeCRBTMlHbvXoO8OyjBpCTR9tTrzzQnepzTkQ0DccMtVrdL2pPtBMNS9P75XEVEVG/tiVNLwam4Nznf0Ovvm2Q1mKNWn2UW07AVvJthluE2ZpI6HOE104hdwonszPfOAP9rd1gu/FGo8sRLrqyi6BiVq7RYDELDXlnBRu6fgt6TR7NQ9gcY3faASylbmpIWTWMJbqFS6MD3mh0uIDghJO56Y46vThfMAtvCvPpUgZLezA2ztf0Op38B0NCDChvGAb7Wj9aqzAIouXYOa+KWIiqlHF0lYO85bA84KnmSyuPhTChtjhkTgWBd4M8nS5voIrDqzCb4B8lZJD83108C80jafp530hEBubKo0UitF+gP0B0EEpIggAwNsosDpGayYTpr/kZ+lqcbzcMCLGnxavWgrwnBSauCnZmRVua88I9tqa+nf09TfgCLh0s6wxR7JmBUtEbYBA80yvzkgAoMmsnYKDBNP4kwIQY14Uz53Oyg8tiDyTEDXPcq8AvAooBBjEPEeKacyLpWbBW+lFeOTfe3eB50MjWCrkN706FmQUbILu1urb3rHDozS55GuwF/6Y63HrdXEWzBZOuOR5XXpvwIp7FS4JGsNbmYnVxoUP00tLQ0xvUm+vwlEP1hpApR7BnK5BcXTrBwtY2UFwkcUhAm4uxMXmYCgdG0diQrXn2HnFNpK8LsG7rrDFmr2HUHs4mhcotC0slhwRx7rR38cU4KS2keXvWgubI5VQbbtQ+maQRgXQTAlgpaZQAh+fANlF2z/b6GaDor0Czy1eeao/Ikv4XkEI+OU8yzrJzaxP1wlUa5mVC0NYdi6V5ctxsvJaXfRgbLpJ27WnwX/vvwuE/j4Zff9h/N5S/Plc/Hfxl//3I+fzg80N4af/dyfA/5bd3Q/33T6MPnx/8xXp28C9tZjVfd6BFOgsp6fGWN7Wq1zIPWpu8hAId50WC2r63Kqgzr9M8RsSjQfAqgg2B2Ed4paQg+DvyS5lC+DPydhFyRmJ4Vpk+DKqt9lpPYB74XTMhqMawcvSYU6udi/CigNOPccWKp2BgpwShqGeeF7fqQaLmo3sPKKX5hl1ww+5wGeopbX1Rre529n8byii3Wdi7LqbQR9WOSHh0bwY1WPPFmtzAqlUMUlTcYzChCxbDbyxN+KbQQsM31222L38CopxVbEgrFVBXTbXsr4DCbb8UZkHFLs0MTFY1iMqxt+/UF8q9S4em5w3PLT+9hjcqblG1760HeFrf++ZeDXVQaulnFahf+Lkpuy3RLFd+WyZqonhNLyTaefMUt5Wc7OsAt1YqKSrlDUBGTUb5fU6JR0o+hXdRysZXByFYSUTvAvlfP2OGuTjaEgBbbKkQAoXMKRHHZrFqEe6qvW6UVwoNP9PXoWqXXHWwUZNEvMDROt0DNUAmRbI2MDdtcsgMFvEsg1s7VmbRTRMKVGs0QPuwYcTYU5Cy9NtKLYsKVTlHBOhM2plmmskeVhpiQMPbEGMxI3QB0xpnKJkIAnu4VEmhSPYYsIZ3lRcS12GFzUSWdRJKLce1k/PnGE3yTckhsbQnAJEm2ui4SPabLp1Uw56rV6s5bE8W/WeRecbZYwhWiQN4EWBvJSg7eiVbFkusRoRVIVD1DR9Y9+Hx0eMvmjzWPe5Dj9sQkyNuOomSYlFhiPK/lPZSb0NKVILHQc8YCiyN6eBNObOQAWjf4SSOr1JUC8I+JTVmmtGOXjap7sLgchVCw0uMbIY6drFYzczLNpYqxwxvDuHSd7FUPYozyzljm+SyGsMS5QUIhje8nOMUHaFyVmdR9Hlg5cxh9a3B22psnegToe3w5lC3UIxWHa3HHS+RlKQZ6stdbh64M96q8fCavfz+7ZkyGZG+lkjjW6Ksf/4GZTCPlWyUJtpXqYZXMqWOayrL9AO6CuDXMxBZBwF1eRB871YUtfarGR/Lf+colaK5WOzzSy7HeOzTkdgUKLWYx/l+ib4FI2MOonYsdYR2cMNdkaV5rpkEMe+dKMZtEFysUMkwxjSrFpSP4X8aO2E0YtPVLNjHRGkjcqGRrLCmigNWaSjtMLlIIcwDHCDOEDlHiT9s9nO7I5LhknSGNTxL7WuN6CYM9ljH+7YLNnWyuJIa/kYA7Mta8bewUasfqAvo0vyiZRG2HteyqzVJi51M+ldfdGLSF1ew+duyTl+xPUhnLrJpIz8kRrnCl9cMaP8tQwh+v0DTEP35nNi8N4xgOqAgJlTMwYEVslJjl6hXNQ0DXXvzM2yu5umbBgTVoXSo5oF0r2G+a3c+CWye4mLh3SapkCVA47Qiol3NzO9W2NtmSuTyGDFJE+eRsDPD5y45tm7nQdVxpsC5jGuUUkHU7LL1p2ObyQDJthnWJgbE+0SMQ4Iwxl0mIe06jVHpDkQD2VNssH5XjGcxJcFjTparUfpvVTl2QaqWnhCc3JCw9yWWpu5C0c7SIpMU+593wgj7A/1nqD+uNGfdXF8cfV29upyXluPQWli9m2h6aqpp2vE2OrDPdndlinWCrZK8TXm5l+zNLA5h09qEWqyetfMKkAvY8dHRv1rqqXG4CIFZvxVkQhRTohjFoLrtV0bfJNM+k2La3Sg23WLaT129xdfXdpHiwXEw1DcGEEZ3AAXnWfPRw0trezFLLw4xipfPAiqN0hx47cPHKHJ/ffzVUFwBBOBtGCfDZyA4DjXvOZpPdpoPl6F2JxsdiGIVuyX/jHoWcuIBbWTQiLAUa7jF6RHPm5ZpUf45l1m6WuTiFRNpSDsbjpZN5rSgE7Kn1owR9mGFB3uUK1FOO+z8cPxXarXRrOLWUXoQw8pAGylfnX5b8QPNSjpe76oeODjR/tMlBYuqvKFOEsONf8WJIWZGmszJTFsvNrk3CpY2kHqXtrwynY1isKVKL/Hrllo7b2DXH1l6dxfAxd+R67XVxRiuySn0jKirXOveMBS5+uf3i7P0OdQ9CBoFAZOJbcBJYOiv1yg0b5x312j8tTuSUpritkLdRkjcUpv/ZWGi+GXYIKj+eyMUeJPEuf5GgMoIWxw27sEYgGU9g0BHi8Ammn8svtp/LF5eBy1WACxd1u5OrAFYzjjq41ZSTJCGWcbq+rCgovzjV3/adPp8lC6mdErHXNXOlMjlSONrW/qaGj+am5ATRlyEOWVuaZvab0gPiSrmMUfu1jYUa0o8uw2OH7PikLpV0fe9+/RhVK9s+npQ6iti86yIsrUkl5BoGvSqRlIoXqI1JC/SY/E5V/XaKVOAw8PUKW4UJL9kL27LEZYu2yVTRga5Mijm5RIkXxgWRhNJLBemQDHHr5uxyb1rXmfpZDWWuCltbCrfwHhi2ZCNFhNYOSs7BAgvElSXGwaK6KQ7nTV+qKxYFIhXUnx3tV9hOVP1WDdCaKnq2ylNxQ4meWKctjAsJeOlezP6OIYap1Dx2fxgOXb+NHj64XPrnx8O/uLy5vQiim4TDpa1zTjOCW8x8WBp8/8bBnvYnCs3ILxCfXG/06R4NcU/Xt53IndlXurgr/wAHZC9Qr7a0rt7GXv4VWFzGp8zwW187EDDd9iMsLQ6fLY6e3ZPNO928nR0t5tPZ4tNAku7XaJskdA6/XpNIk1IRxmeKy5K6g1Vl2N8diy7r0So7TCJ5U+q87haDJfpkDI5tShEXIrhxtk01fupRJTgflez2njgah9UfmSG2MrYhUCIKItZv6wutLZUrRiF4ZrlI4vDWzE4EPCd5sArnqvIlqnVVK+iUrGyeFxB+VWutfSyXPbBz798NhwOP7NAAVHPTGGjOXnmC4rP9fFnBA8WPCM0Q6WKeM6YJGgBstNTVdIwAYeJVIci97C6OMH5HI7DIcr9T1GzHw/z2xzo3CH/je6ZyeUQP+QatJF6COLMCMnQxSrGpOnUPdX566PR8R9HuC3sVD6iAB8B+eLhKO/sp3Z882cC6KX2NUFwZKtZBFJRqYLPVPYXwiqyvNZzyfn8NPgxurhK04/06w3/rZaf7WLPKEWG2RLikWofce4OTYhUMZS3Si8xxpY9jdYLC9oIh9xVtbNNx99EGF4vy6/36zC4Prb+RG0y/pv0yU8rEypTp6Zbcgupfw9LsyxQc5pE4zy/WYkKFW+Vv9c+/jaWxMiL2SoLZzXrxEsA+2Y1C7Pq88/wGKZ4njWEGCq7r62hDwspniga/hkihCR6KAViS33TGXpkvv4bGAX7nFL7o9JLvLR/Lf5YYXpqm0uzSeRuy36DG/rO+qWtlTPJ5MryPkznWOBjY4P+Wbt0he5o7YP6FKsFsjNfFDp2onku7pa+N/ix2XkB5Xme6/R3sI4JCIQ/PHlb+Lk+YFT3U92G/FE5tN28VhA16xWrTUCqbvkfu1wTmyJ7EKMHuGdK8au1R8ZvvAn0kWOlcwuLFM871DBOLzHvl6pbQ29SAqQlYz6gazmJzhRGXaoZBeEsIiAXBLzQ9bHMXu7HjvHg9NVac3lX5IUqpqV7eQizktSg4q/A6gS9Ckr/8ubF2zM7HZ9Gp7bUfU3rg7MJ06NQrTU6SZRMFmmciCKQ7ghkJebxkgFVonxZB239jG5bcuJjs2f5hVOHt/E94W02rFZ9isum8JxKAraifgLzq9lHjH4o2KfUafcNyyHi2mJ4Zdwulf4KcWimpOpC2LnX6YQVXAIn1tU+qq6QTex4OptcITKucI01qRSesasou1wEezR9e4Ng7+3HeLFHbnV7P4Yx8DWopYB9uNdUkXxajiGl6SliUlbocrgANtYCS2icSS6nUzNgk4BZtU/WS7wYUcPCrZaXSPnH6gVtwiLWNnCukBSII44I1uB0VDntQEEUlDGrwRBzxdKWfYOXC8UkJ/K6wAyKraw8L8H+BdIavILJqkXVHowKkUcOUCDEYQOKv4xn5EFg+i9NY0I84z9xqN1WNEmjcV5E05QcgULCrmibQHJ2oQYa9w/tuG1snxwqwhmXTM/MPTW1Wtzc5eYXXZtP0IGfDhQw9PWelWq1byJeCmFX5uIlNFadIZgFaDACQp4hdAj1inokEFQyu/COPg/h7Ca8zdlzhdjDPzekNHclZqaxNTzDVWp4VJhKhwzfqP+jjbwJHeRjahPBFkrQtC3kBMP0ChAX12PTED6i5kVMry3vNdXKlSDxoWAOCeyIXeTMQQNlaGzrzjGh+pE+As3ODyWEBHJj0GOjIz58fPzFH7/405OvvvgTdkT/64/BPmEa5fF11ID9sqkWp1n5OyzLY+Uqa3WtyvlrHXcz7Timt5MiAy+NC2IdPbCsVEQZ6p0ITy23SnsNawUXRWLQfwIWWHdAPAm14Fu3KnZD2iQ5X82WMSJlaffYgVggc8KZxc3w3Zv6PfSjSi4gKEY6BY5yM7YrQgOk+p0w7viOeqt/QzegV8/rW9LjNNB5M7ZT0kbFqZA7rzoVcMPNEAOGbtCbuBazCToJpIgq1BdVqYO1ayfok08DfisvgbXZy1PoY6NuuzxaJCfk+ryX5nvBn/8c7M3iZPVpj4xIqjbzmqvWPbihLyOuZEF2Ydzze/XIYUOHJ7oU8oR/8QnFoYJqqaauj9FtVal0qNC+aa6ae66ywT6F2Y5BRtqku9+2JAAP0vxpQDNc/0ppT2xtbmhpfKbg1GG8ZELuGNwwMOteecsv8r1MkOTf+hQ3ksj6O8CXbFY/Ba7UytFea2pvc5jzXExfh48yQSM1QynuguckF2Khz7mAgEqIiSNbCIeiqIPvFe07TTGzMjnzJpMwm5S7pIAj83/n1CqIQksKDheRIn8JYksrY0EBwiJ1DmDC02khZCWc5am++ZJCiA1jtt1cpfqeao541B3RUGgm6oXyh4kbvqae+iqhkJYSzffsu760rRkp3M+1TTfWvkaXfLxDvalSUNr15Q9lbwsgb3FDua4gxdbNTdyQ/YubB1ClFVKwKxLZSflIWH0SZaFhaMKl4Z2Y4A44l5rgUyaaWNPLLU1nESlpabNjPjasol7rWiz+ecnxeml5pTRflBfOjhrDH7Qc7LXMXAyvutXcyPoy7DYsr5Seeu0sr05a3Uc5rxXu/qt4wdiLFIw/9VowLixwmfT2uN9PkwHCIOJ/mL+hTfA8jXL4lX7Z6uy1MglSus+dyJExIS+Quwrx/JaePR8pQEk9z/D2KZq8ZAo8mik4E2IjhFh/EVG4D/vx1bUicwv/sKd2owalMbpr+QkbdBjeVXROobIZOxOiqjKPsssILbrjq/ZV9yCEMgL/7eGHK6dKk79QawJYP1g9YY9b3lCr7HzNM6Wt3+DXHLafBFKwUPtRec/17RQyYPrKVyDmBIXj/DPedHQafoFtGmeIz6/Ef/uZTlOqq2lpbkEKTtgTUIHEiGIEwYxvYQo9LfIgiNaMUDl4O+mwyz34197AGYCDxSYMe6do5VDILYWDri96UtLt0bO9ddkWjx3o8Ur3LExtgrE/wM66co0Onn9I8orNnbtllDq57lcmqtQMoVViqfapwRKApSjx1b/TSyhNne8llF5C6SUUVXoJpZdQPF7uJZReQukllF+/hOKs0hkcNY8TediEylR/TDoejsLr13g/2qEPdtFhZk8poU/Mhl9tc1dUeZXE/1jVWqFXaEoG/mU6AoZ6/9OA/6ZUK/lPaRLtAw/3CQ24twdlfG70BlrHuYG8iCpWO3a22sypgWru6tBADYu1XFvwazkX1cJOPBmgG35eDDo6w8+PoeAPWPVhMCNe12mh0h8/twXLeYm9DWBZxN0gvUQxdK+6KC1ODM1Vgmgwx8DwVb6nqPDePE1i6C225KrU8m+pe20HXgvQ6+YObc0uL7O8yZhar20YydPAzH39i5X9s2GjRXw+HTQigVh60SsVrOeNAHuu2RNB07Ta3t6bF4L3jPsyR1WS1K6xo7np6IXgJs9c7l6vp52YSxeISz22Ay+E1+ycW1Wh2QTUVufVEG7PHjdp8tRVWt+g//bp9Xm9Pq/X5/X6vELp9Xm9Ps81gl6f1+vzen2eKb8ffd69eBxY8suD9TbAPrrlkHrJ7VchkNR23SmZdPYvaJc3e4mkqfO9RNJLJL1EokovkfQSicfLvUTSSyS9RPLrl0h+8x4GjASyO++CpvTskwo6SO1UVz8faigo6ycEcPqssaKuuJw99KUD+vIqCmfLq/FVNP7Yg1/uFPzyP2imn+FM08MK/KX1QhMApr1avBBXabZ8ZfoEx+lqbP5qwMm0qvls60iZL8NPmIKhkIqOG7SSTIaoa9GAQGVsS6DE36tvPrP3yMvqgzaMy1fVjHUmL4a4HdR2hNF0VRaEEngBd+dF/cMqnk2pT88kDYZO3lqen8buSNf/o2ZuntU9qnZlYiWq0/RSQXCGs8VV+IQ3zRoYnAUuqrqrGyA5a/Y2o3JalVXS6xGWvnKfspLoSU4CDS8GYiom0LPk0R7js8f47DE+f40YnyqZrSSv0WdIodMzBQmIhAAnPIvHRX68WU0oFzdegS2es9abGm8f/xaao+AW7T3EAXy1mUZrVIHrZpi178zqGMLk9rtpnRDhxl4buoVpH8A00yu1cEIk5x34hDpJ8iQBSXeVERhmphL+SYoqFFDlU4JlXcJND7Rxz+7OnmnF7Qy1p5S8eyTa4vGUKqrdKshvMKvDNBvy5Fm3rSlJOoneIlrmaoGg2elquY7jdrUWtTU1tjcDE7KlTA8bXXLx5ZBq0LepleFhmdY0RziSU8pozpiV5hamRahbLmc+c712Z5JKdZ1JqKmGSX8WAXGOENqctNT2VlGpW2uqE+GJ7F8hJuqZZiF0f0XEUT2td6kupv9V0J2wI9MFM9EDTowxhXlDRE/LGd5mlowwWNMGpyLG4SXRjSI0+u7RKWn12HmlruB/0CVyWpgFIV2KitaueWh1h60fs/g6omRwuFewDgtptnM62Abmq3b1EclWGCzVdRlmg2mgRR9IK0VcdnvbjWrC0yl3IpM47TBYxNE4KnB4lOguCifyI16sWSTPBnxjOJWWhhNENRw0Qfqh4H+//e7V4d9S2XGYpjLnfL2kjhsA0wFnPsxVvuK3lJZ1HibxFFiQkdQG8/nu8YcmhR1mHJScVJRwkKwJikFSpyvmyI1A10j0hTq6SCcywBsawjL8CBXIEIAhm8UfG7No7ZFEaLr5M163v+wF+3CGYPr28J973A3NCts3sukOG+2y+PIyakZ3JtYNmZ4DyseFhn6rikSufXWTTSrdg1mEvhXnoKEp4KOiT8FjVg5DpTBLB2I/yW/h+09EPlCrK9iwKll6nmK20mg2G7LQASSYrEsN7aglYvvLAu4Jp+Ah8+A+NFVOXBW/80KcudfpvTeu1nMmklqe0X8mXll7dY2ZKEZVUKZ3GB+mqs0PQSbOUOl1eJNmH1HRiJtxyKueH5Im6/AP9J91B84KuQ1Hz9Cs9zYF5EdyuM4MKInR/+5qnIe3KiFnqc4SzniB2s7DCZNjYO7v6ezgPJPaaXw7VBiuwGMMiYWEyy4Z1xsOWyZ2FW9EXL4/fX6fJwp6v8aBcpqmuti5mn3uihK15Z1lnFuMa0/KJkZLWsCbqE4cYKlbSQHRpygbx3nNBevmAf28sdb2wyr6WjXshq6mTP+k8Q778r34W3X3tPLxsWrxrlrDr0p5TTlqrVejWE+98oR7eFF1yg6+K8+p7ftMec1Pu59Ul9nZuW/UHXpF3Y0/lKcnlIcPlKd3zA5df9qz+TZ7ObX6N7U6jXTPodsypFY/pi4eTK2r43fM7sxf6c48le7WR8m5i7bGqWl99zOVD3ct3I6aasw8GH5oaSdvl3RGk4izOtXN+s1VRLp10Q6XUv+qNkfMNVkV49SCYHFBiglU/9TUPUuB4IWz4Ls3IMCMopFIMTXdRDlHIYaofpjGK1X7gQU0nJvvKxNZvL4px5XJXUwmaM04McBFGCxZA1/bgFEbUbiG0s7DHP6oAjpQhphYjVyFiBgfJepIXsYgf9VXTh4CZFVH9WwU5sxKSYe0Pdi9nPWqcCfVkgzDPmyw9LG8zANltj/LsIvfhLMc/vN98jFJbxqzdDkNZVxaqemyyehS03cHT7NssLrQGZMJV2wBKURpFa0Va2YxbMONfQZ8F49LQYErG5V3LUz63vHVnnXAqKMs+xEn7sp3HxS323Fwla4ylQbuIkIOp0tH29cLX/BZLDqbMLbikd3ZTnKxNMPmKRw6qAWbXmseuH1Y13BTbfLptEzdpSe1US/Duouo8EaT6b+GftRRDTldZMnNojF7cGkXKkNaGvzt7AGzjq3ws8M5wPd2tq4t5Q0k/lrK65HtMqXUylZH173QzIWlGib1PrZqPI0KuSBr50AVZraIZeUer3MtzIAinGUhnH6VE3pTMlut0WgQ8LLDHwr3SrDUbytsLbxoZKsQp0qoWi3xoQb/50Zd06sESNrsVgictDa+CpNLYClZtAyXKvCRrjEJ2lzlyumIuosVNl8rV5SeWrhkqZ34+TGqI8OLckJbU1TSPXQhGmJL61Jc5WS+4dJJNSyMXK3mIbJW4QSHYJ7BPKJTD6bnjIB7BdklvMBrlWZLr6RXMC96ZWkZfN2xYy7VJrW+/9C5FrVT5V/K91Fvnke5bGI9Tsrr1uTpZQ/aeETRbsGhj69SFLEUCw+N4T5clhwT9MUMDMkqhIaXEfyj1n7fMMXiqrbZNOeYHjVeNqoO/YPEuR7lnUFEMPq0mMXjeAm3WQjyp+029oaXYpyiGSVny/Eq55x8lrMwen/MxbNl1qwMIYpAseO8sIrwx8uVuOCgfna8xMObZhOUuR0MG67qWzUenu+X3789U+lBSbolYvSWaNmfiWVefwXuh4PfHrvn4s2FEzRk2j5XAQe+T9N0JPzxCGTXQ49z9xLl1ZGudUTtaF2EeFGhCQxXPEvzXF+5Ofk7BCfXQOKQAA6CixUeo3EIuw++vYiBCGS3FjvR2AnJWQ3fTVezYD+PomCETLx2F9dVHDCHH17EM9xScPdNIkx1DYeD7ql4vkgz2L2NquKdccBrcLnNOryif3wbv1Z4WVHoZboEtsd4JTb45hdaTVeJYCUQja1zSK185s6LC4w8ekc+DY4aRl/vslkOV2iZgfLrTXNgJYulkdbMwf2PXYkCf4sSYV9bRl/9wPCT5Et/aR6od5tGHlkOctUjZI33qy86Dcpy1MtP2KN1Q+9IVY12X9arXONNqz1wnesrEn+tctz2/8VgpWAcZ+NVTGyeshkLrObdbJNlmF1Gy7aTIW9hn2/ywo2u9Kn6TFjOkzUzUJgn9IATsBN/Sc/DbaBKCmvpZ2Mo5RTva/5FxVJaP9nBlFKXcAwYWtk5QEzEUKmpHPtV1TpIeFPhq7aoLxIOtR4OZC6QvclnVni/Rh2B1R0NUas+xEph4PNFoWMnOl0vd2qiHIr7uLjfVlwcE+4+Lq5lfFj6uLg+Lq6Pi+vj4vq4uD4ujkofF1cfF8eIiSYtSixundhRuDnD1WxJzQXHR3gCVsvGDCi36QpazK9ItRPnpFlnygvMKxCuASkOtcOMVoxyXMlRH7LXh+xVprMP2etD9vqQPav0IXt9yF4fsteH7GHpQ/bs0ofslUofslc3hD5krw/Zw9KH7PUhe6Ux9SF7jf3tQ/b6kL0+ZK8P2etD9sqlD9nrQ/aa+96H7NWVPmQPy686ZM+6Qd5gVNBGdxDVUDJCZ/TbLm3PRdfTOpNzwcCc2/blmpbjXNkuCt3fK44S+YrwIzSDXlPRhNRyqCAq2OPrBvbichTsvXsy/PLDHiwzCQjzKFR3sj1U7dMqQ9WhGnUbbT88wP5mEV3B+lA+qZv2fbi3DurquCjVQSb9L2uqqKp3wiU6RT0N/uv9u3dHw68//NuQ//P+w7807MWa89THj9Jc9vGjuvTxo6r08aN9/OiGQ+/jR/v40T5+dK1+9fGjffxoHz9aP/o+frSPH60dVR8/2seP/u7jRx9idOQDCyC9z2DNBxjtq0JFVQrR9SJFNwkOtc5vQQbrAzv7wM4+sLMP7LTLQwrsDD8pU95XT+qYtD7s81cT9lnzegWhQCsQDeIC6bbgl8tUYrGK2AUatMDcWaPgNeEXBKiysI7+1eqCFDCWRw8c9PzQysx9GOc5EKPD46M/Pn5M9+kcqYiojB9u6CotIF1+KpBTbRmyBOBAWi1XWJapVt3CPSGfWJsNNwi8AXxYvkD1D6zIK/ZgSB5BL/I8HVMwa13VV1m6ukRPhXOMjhi9lpjL0+fnvOwNwZc28xYtdXRVISAz5Lhb9qjhUEoUo+r1RUKVHuXlKFA0GtzaBh7F5AX75M80Ya1oqHRrdQbXIZrLUFSHPRgmETUCtYUzYio2rVsWZFddN9Wr28pwyrrG+nNM0ch5H4zcByP3wchW6YOR+2BkU/pgZJmHPhjZbyb6YOQ+GLkPRu6DkX/NwchhH4oc9KHIfShyH4pcX/pQ5M5N9aHIjdJIH4rchyL3och9KHIfityHIvehyH0osp7HPhTZfrZOKHL4SYUiHzU5xfbByH0w8laCkWu+/tX7ili+TPUO582U4kHFYveR1n2kdV3pI63rSx9pvdNIa4usHh89/qLKmshrW+Dp+5jtmtbWXazHX361w6Xq476rZatx325uhksfG97Hhm8cG35HJMMtZ1d5ls7ieB+K3oeib2XsfSh6H4ruMaO/ulD0AqGvBnu1EnkngS9oLzvpLzlq93HLPMpbwWWWrha0m2i+iMsS3ZveBRN0/Sd10YRMNnVKwqRGrfAoV1wQ6dmx/h+O/0rNis96V994l06kMsRGXsdSmFhGLfbj1rqLnJUXtaPSfG2TkgLL35GjK9nImON5Y86xnPlB8Bp5mo19q4xCRls9lUyLAhuyniHKWsoK2swv2SPUAdAonb0R5mwT5yh/HU1lhC3uNPegq8Gynr6mo8JmE8UMFl/lDBYv15gWJQ2WLmt3J8oaLGxkYOkfpWNUAMhYXR8WJMg/fvWnTafPhy8ypZPLXZWBKhE6gxBh8VLa5dDs1ZswJ1n7AkS8SbBatE3tNyQmogZgzO7YtQ3FNgDJ8WOW66hbFXHs3acPo3p+8OtBqa8xRWAhsZrUh7GZQvcRxoQiKZQ4mRqSF+mx+JyreibSFAdfZIo7ZlsVt2IPS5ftkikdkHaUASJ+mYVzGFY8DuIJOrkD0cns49dNF+jeNa+zdLIak9JpanSB5asTTyzbGbR8pPUIyYSshtCxXLqj1Hxul0WJNCX2uuBBFa2nXsRypiNBzY0QWpqUdkqzFrQklpJu2b0Z2xQQWIwh793J8D/D4T8/7MsfR8Ovfxo8/fC59c8PB3+pWvdM8SKKbg0blrW1bM4Jb9HAYYlAInN1bBjsYXN77leoL+53pC+bTqVLKYil1ktk29q/4rV53KQPw2L22v473lGw2Yby1+fqp4O/7L8fOZ8ffH4IL1n79MO7odmkow+fH/zFenaw4ZZtd+H10sXxq8LmND5ngtv42Omg1KjSw9LqK2zk0QbteXdnYnQJ/RjdNhx2R3eb/JKhwgY5uWZg3TDhNDaGhoQzv7gR4YbD4WdWSDe6ckSfllFCDsAq9uz6+DMKIg2eraCBuZKxnuNtx+5aNhwPgQyFlhgMVydOZwIdy7C6OMEBDMfhEAWap8EYo9Xy2xwW8JD/Rr+A5HKIH3INWkk2BD5thPN7sYpnE67vWnX++mh0/McRboCZ5eUt/hgjWBcejkIE0IA76H7ymYIVE53MIk1n+aj87WcKSoghs0wooQQH3D4NfowurtKUlZc3/Lead0ZqAil4Gl+abSVeEPY+457QXEgVQ3mr9BIHddozaL2wILS1Q0H3Un3QHX8TYXicrLzeG8Pg+tj6U0GskSLmaWUuZdbUTOMUpJkWroelCZZYZKW1eA1TTL/iIfl7+cm38CM9XcxWWTgrLgzPOSoGX5nmgUDxCUPhdDULs8I3nyFKXIoHSAeyoqro2hp/R3BEq7MULgK8p6i6ZQKrcHzqtc/sdX5T/LENDNBuVhgMhRtwRj7ixAEfvo4IUOaQgGFwiPiPN6uE/vsNyKaWpixajhu7vLgK8yK842vrl7bO/l2TQg0EYWBtlOINmMnylqjiKSqgDP6XVFbo1w+F3yo9m1geb5o8/n/tfet2GzmS5n8/RR7NzNquISnLdekuz/b2UVtytU75opXkqp2pqXGlyJSUY5LJySQtq/r0OfMa+3r7JIu44JKZABJJUbcq4EeVTCaRQAAIBAIR3yehBNOp6Cd5SdfBEqwdYcwB8iIK4lQmi934eSsyD40f6e404u/YiFRheGWGsXdGrFyEI4xwhBGO8AHDETIQjPb6GLqlLpGHgT+4JsLgmdiuxEDtFTPwAHX0ov6wcrDz/Rt/m0z4a8fuYxbDT7JciicRHK1HUOpaoNAorCPAITuGAI/JWglnjSpUsDC5+ow73IofgA2KUlgQrWp6xehVE3WBK12OUltb3nrKAGq2Y7cJbfYsedKsVW1zpntLBtiAhVMVaEEIYVsqx11HvLgdLe+/EvZ5NRcKVw8M0nUGoV4DOu/Qd8t+Sw52O9irTLhRLWYT3Qx+p/HM2q8y/XL15CD5K3wPes0RqUgnEzEwRgONEJPeZZvAXHlctZt480tBms3rxTCwZd4KXJDKVV7Jj+rAe04B4y6LG15WMuoebK8rAOET56VLEK2Kafw1Kwv048JWp9IKvbEePWeoOnquIRz5W73fLKbF1YwuGvgr0UMIaBP/45x40TnqsWW2OjC0EPlubpsq/gtZOPSLF71H++A6l+q1ilSwMH3I5gfoHHEwB9StdCYmwyFZQxTImbsQu3jr2FOCO2a5nYDV/qfkyHyx3RHZfSc9Sz8fr0rfXaYDZVeWLrTd5nMdvtvw6xvZcrX1tKB3jYAYwEyhSEiw9yerKWj/U3Hc8QYDJGohtyv1eX5/QAOZXwjwFqeVOOwvlYZ4kn1+kXyN2HJiuWcl5NakmF0W0BSdvQW17Dz7p6e+pqBagZawPfwM7iaRJ0BvfuIJC1inLruN5mON0/Fqits32upGJ8RmUhYrUvKrha/eTp0oyz653l/IaADSlAg+WiRfPvsnzlwVmoDXzHFmjHc6deL8QVktzAhvHXDQWMIV4PhWDKSoLowxLtFTuZ43xZSS3qCVaggnBY5L9nkMF2w7oivG7uGd+3JfeYf5hlNjWiA4IKaLf2Ro0bZgPFUrkYFgOABvIM5hFYGVUM9d0ZglOYE81UMy9PyKYjsmskp5TMP9j7MNG8IIWHc9IZ61LM3F8CD1YGMx99CGK+OXreG4GRXXY3qHqbj11dOk4+LTpTzVvuNVm7UDyfXVGyzyNdQb9BHq+YN9OYXoPk/tpBVZDdVUWyrBrgfXarnSQGeFjvuFn1LzLIpfKytP3XUFblslxtlwSVGiuQsik5vr0GaUf+0Q/4a1WcdtpvtiPEzdyLtybcuPJNfPlI6QaNFWqwWkiqBzSR0CHFVu1azYLZc8eC2BSAPM3nUhFpdhyOMKWJs+Pa2HXDeCiNnL0fd4Ynf7WZvjRoCS2PCSgQTy09Jywp030OPvCDhUvn7Ns0vrOtj6UA/kLSgb3p2NNjLW3WquEOQnCIBF7nRA0aqQj0yCsxiudDCKMGzTp4ohWvEqgTt2vLlY4hUQEE1ArWh7lpnolhgdI4VMzQCI3rqSXCCe1/zXKiuvSC+KGrUDEz38iAyAuwiGzGP8L7t/fBtgY5rZ4VchOXN4vsonYippoTpr7QzsSGQ2TWb3X8sSPtZmfTzYEuwfxHOWfx6Av0P521BeYmsTYyR/KoZdrKj/chqrUNBx/u7t639NDl5hPfg+8s1dMKoJ2v/Sv+cT/cFZI7kYGjjQDnoxZVblXJN28B2M1G5ikAla17/XalyrZJFWEO9PtpVEzRKVpdOqIPcsw4bxKiBxiD3lTMjPb6xl2qNJFYM0UNDwYsTJ55hgcf5HX2Vder5AOQy0pMhpsXrnBGLC4zjFiwd5l0EtVeFRhKL7MdNRlr6zKHWWvac0P6zsEs7hM+DFOBdZTq0JyR89bNXAeAHK3/OOt+9OeBqI4fjq2bfiCMMcBoMk56mQ5ZyohY89f7aTvGTvvjgAfP3sGY3mkS+KCwpdB0quHCPoVs0D7MMYlQ4b5WdgzUvQGDxXQobYcgnTWOVj46z1KU/SY6Agr5InctUCvNDZkiNksWpukkapOYJfDHfxqQshkqx86h2wXcosk66/ROqKDh+uLje8JYvVM1sUhNntPdtYMX5I/QijfT5WWe9ulJ+0Flzg7nTAljz1YG9CuWMrYNqG4eS7dIgDNJCX64fzitRHUZ6nEFyAz8lIqF99euQJxiPRDo3IQE/VNixOSld8eyNBg/B6iC8zVA4VBcX5DjxUO8aObXR3n/rARoM2djcbA5TwYUNlI0H7WAEpOhMVJDdKDiqt7tH6ITImMbwqMEPoounyAni1fFqowB1XggDAfoPZrsCnQvsuXpVg2IOp23UUTLoAs7mE8zw20Dd8QjVgngPouZFSROLHs7TMQTvNhRqAzRSubhW9lFYQPB/xaoPRDr3uaxnS6ZsrnYEbZuk7sXQ+R8WEFw9Iw3UQbUDpN7GJcMMMuKJPeIJn4jRrWwCjZFdmjulanMd7KHVgYHjR1oSO81u6CkqF0l/wkVVowmKOMLH1oC/ftHhbkMNG3juTJ0pbY+h7EupxQnfQuhdDbaOpWDMa9TMn1jSUJWIZy9cpEgTKWfHNXxZsmuy9Pf7wevcv+6/vbG1oEpSHtCiKS6H/jiQdimdHD18ajSqbQT5ylCfZgpSjhCHg+EOwyHdfv1bPsZmIP4ebGe/NSwYBkEATJ4myOBRKTqlzcW4HH/YY9mZIAxupA4AkF4NdA8LhibLO2Ml9hxtMvCUysvJKMVFhm/HVHIJX0OdGnTq/3SCGoznB7mtwVXac2kpc5jy1EZkRT4wQg4p94SRihWVxX+ZnJ9B+n1TEd7Vpp1MSszlyccJKhiiOnMiAxBxBdkbe0ZCcUExcv887UXN0Vz4tp40BTKzOy1ovpiqCA6Y8sMl51SHeIcrwfNK0EmGr5LOOUTkzirorC8mrh9JFH6jL9YgEdQmkURDymBbjjzjCe7C8+zaxY+pAATWAGX+7b/cUNx+8UPlAtgAQ5RyvvmQjtoTw50h4WlLyfedrdLV6xbLG0jG74kgz5DRQ9DyuxBSdourorL/GbMVLsmsUwGuQBfE21c6+rEuHrEuFOLb/QYtoOGEZdb4cjOMLYaKjOV7Xz5g7KBZBSmaBTEhgikahgzJY1WO2vvTLE/ny7q6bd4xnPhQ4XU4k9bBKFAbvSgW8hlk2qcAGgwHdgkvTWV6ZCwOH3p9OCgVxIy5zYRN99fx58uT9XCxh4KNEr/G+mA3Lq6dG1gE5GMMW22lRCK3sHxW9V/RaZWoJNTjWcPNT+QFyR+oUgg99ad2eufkWHX0K0Bx9OBh1uWM2Rl2CdbDfJ0Clr+z6sDbqsnm2OQ99oy7BknLy7unSV1A9uPh0uQE5OUn5dAkUU1f2M5ShYZN4H4OJ7n2gw5UzhDHr9GZ6XWZQ+vDWNCt35z93vLydsiJL2CQzc1okgkaN0VqGXJxm4vyVF2WD6fqOrr6hqUiS6Uld77Z8xaaxhBiLxSZOvqoyK2O6MGERnRyurjmRQ3yZLiqMs/KtKgmtVihfIV2GccjO//vv/1vpdy8w+DsDjKe8mrmVRNipgF4ojlV+hdZPnalKrXLSUpSJEcOqSevapYLgDuCiAKHVvKuKsYC5rAxbWd0zW3nbzUIOZUQ63tYUghAmgK28Sv4iOzDag9gR0KIuLiOzyRmaj4QdF2r7hB7t+hzuNne867FldvLHO9sXsHneDq+8We6OY94sd8k3b5Zb5p43C6bA3g4PvVlui5PeLGvx09dkFb5YQ85R66zT9c5S9+g01UuKISeqdaS43qnqZli8Qw5WvYXWcY0ny3qSI6/qvRAfXidtb1J60oBazxYIkuFx01iT0BRCx0kKvpp/CK9cJrRFpXMvSp0sN7zeYYwwKnt8NWRTDI8ainBg7OPzpdJjUAL8BesMxFo+g5vRAgFugx4SCzyNr3seTxJ33Lh6otdoYAy5upGCAdGHHPhOW37jabGaDCHOQ6HU0os6GM3RxJ3n04F5MNRBeYCnIO+mGHxIQlB3VGteCB6LoYXlWyRwsDnOxmWGGE/+pgUO66RW5aalr2u2oWdU+C1Zl3jlYhskHoibGgdfneGgjf5V4YUbUeK6HuyI934eAUmsCB2yBKGLBsijhjSyCedOrUIpizpiiekVa6aviFH3RptoSIgUcxq4tld1wBQjx4FDnHmAOo38AJEJnV+mKrXC6/MJF1urUunz4XCihvNnjCiGIX6eAuPmKUpj3niNF4iDSpjnJNRrshmPSaCmDPSU9FOSt+khuXvvyH3wjNyRV+QOPCK37Q25lickcBF2e0D6rb91PB/3xOsRKLFub0c/ia3j5bgbD0cPAQV4NvpLaS2Pxp14M4Lvjnt4MfrJ66a9F/fccxE4AJ0ei35CX8NTcSdeik2dw9bzTAAW3F4pdl1O79tIHkOjzjpdYDoDxGQcGqI/0iwvMlYZjzkVxLWC/TOBqmjbRY5Mz5tPMLKAQAnIaAI4kIEk49AvQwg8TujC+jm1FVqrkHCm+SznhGZvZsO7k/0XyVtLp1UeLoVh/gLDM15O6Y3JEFmPxKO/XOeApdEGNzF0ujY5aC3YwkakRi+8QlmCcAs9sIVt1EKTdDDwzbmRHybafpGfQ7LsFNQiwlGuZkwBY4CajyQsDELkjYGLAsxMPi9D8hYCqPgCsTHk1KgSuqlklryEcMPhapFMi3Mgu6Gu64ohE1sYn1llAFsUKBqKNkWLzxsYoLFUllratAvpDN7zDA4t56DdEZKzMoG98W2j5EdLR+ygEVQwLU70STRvWJwNl2VmDDcE7OpeDhr50+Y4GbLAJAHfSRtCW6Xdn+qXgdKW07jJ0whx+Bgqq74h4YpWAMhCXoup/mMFp3lK2Pa1gxKe53jug+HLmcF8AukUxrAhaLWSuh4poKkuYcmVHznzj8KBA2e6dBsxGAXOqDFwYEOQCacLwnRvrwNY++DPIOpjU/QSTcXrmqNI67N0TDSe7fki50S30ghQhZ+6LLdwPfjJgnwuQ9baEPfhCgc2oiUntxj57BJ/oh2m5Nl5OiXij4Yc6rc5vjf8tI4nWo4463MBJM2WL+2td7dqqBCAah+7MLktxE42KqfcZOK8JjC3Aq86CoO3bT3fhrTVeFgNpgmzPEHEL1KxEvmqgRT9VNOUOTsGZX3UWjXZ8LUdPa8/bCAlaSq89lJpt9YXw+/jbq3fVmh6VqZ7Q2tV0vNRqn29bV4ROhPUHNSpUgWlkl1aZ5arqxLwDnvd2xRTSMGIzruhLvd1OE9qqKK9A37U9bhR+1GjulX2xdqUqaF0qZ27QgdNaujQ3Qo9aoN3sItzMGBH9BFVhnadeSYlqHQw62SNw87XaR0zj7MFuj6+KCCdXZJDipfBPKxbyWtRRK5B7dgp5krYjmW+tGj5foKW9UgVj0pQIa2PhXirWmLBkWQOBdcZ5bZSTDXShUtrGo79Br6m8+2oERCdr67xc7CcZcKysKNh8RYlHESnHk8djOqx7A/J+8374xNpluMVBSqjY9Rlf3rlyxvsHgEvb+XanJVdvJSd7fKRQIbOipvihnwDjh/N9TvC9zQZWMHdCSNeFlVlgMLg8WhXGmMEm3GajYFF3YD106aEsxEaZOhsNU2eVOKMPEKvV4uK+CmFg6Sn+RSmFPASgC13JhYH7lP5DOA+U7fXs2OwfKcHD7ejkygx4BRgS1fiaIg3rl2re9bUa1BgYZXyBpa8iwktIwZvhjxU83E+lfs6Gky2BFuk6zXO1nizqxr0SajRsgTNQ2922ac+Bpwjx4YV3GtWiet22kKxBaXV6WXxUaguzi9f5WjJ4JZYp24Gb8CizFxoMR55NE+a3WcIyy+sB4n6c3azeI3zBSxacSDuOl3Ix1qQHlnDx/mWvFBndiacJcCEIojgugeOd7gw+2BdWNUK4l/Mickcpj4CjupLGAwycl6Ydx1AuiNnrhsz07mBdcbJhO5itxMbc5dRMXcbD3PrkTC3GgNze9Eva8a9dC4kX6xL6BrqF99y55EtnTLxRbOEyqRfBMttx64EicAbr9JHDj1jVG45OiXAWxEUkRIqkZuLQrm38SedIvbEnISKtVecyS1HmHT0vyOqpF88ifsIJy9PvlO4qB1GcfsH2i2MRMAmwio/a2k/X3X68t6N+4xvvup1n4E02WvRQ8IPDfLdmnOJvtQxB3xP63CS7o/ORzLlY5Aw1/fAZAUfJMT8DYzfvc5beGUUeE9Ve7Z9R0W3T4qWUV40Wfpj3psku5ptsObapOqU3x6jQgBODYAaLXXKVAlGF9zCg6CF0WT9m61AssomLyXyaYlTN9G0qAtGU270g0221WCWChxc6xy2VFMP8tK9MLms2vSRy7Q8zxRovw7hQe5RHyGn7VWW6sF0B99dtYTjtQojsSPH1qKagMxdGs07z579k3HVOk7Fvi72M2bnALc5Ie3bdJC117JZzMyG7kLwvF9lS+M92mmtf2ttNmaYQQextYppwklys+78se4XrQ9pIr8g5Dv6RGz44LwzP1qdKu+pnIEYWqKnI5yP5OzCE3cywiNT66abfJHNR8lf2niY/eLJ3/7+CJGgDAB6dE69LKarmbwSHtZXwgmz49G+U+XoJZEA3PWIAH7bf1bFnJujGF3kL6A20ZqZDL5A2z/ZPZceKBKrIvpqtMV4l1YsYwisbL/aLgl631H9w9aG4Hkt3xtIV4Gx6WzzlrR9CJ4zMDHhH7w9bdOGpAZPbEzOJuNuWGvvofFJV2PbcTqinVUxznE/0MiP3nHDGScDS+hfn2rYYdSuOp5Yq2UTI+FV0YTRLz/tpFPRTzI+gAZ1prKEi0U23z08+OHL49rHPgVtDhBrSfqxup9kjbJAHiK8GTR+3kLqxTsQDQqp0Hj5bogAhjQsr7FX2X15Lg+ef8sBIVgCsnggICqH+ijhweuo5F5/BXGbVIajTPwT9+XiHNgdZN3KR8QWKGoLiKZAX5TNTw7bQpmhuwui+lR9dKPUbMcNH6GUrrXo85b913bN+IcH3TB4mcD0GeSfU6MgrxSO9o9PTP4sDZCtrWHX+IA0hXhkWrAKwRSahp3milAG9pZZvqwkJ4MtN7gTtf3Ac1V/R44kx2jZOelcYW8tXL/6XbAB2yfDHa8T8ebNDb9mTrjM/LZZRJZccG8OePdFHCdLd/Si/nATpb6e2F25dh+z6ECldLlMgSTb2jnnFU8A56LtxN6IDlzniNCoQp168nmDAbfiB2CDIjcUQL1fijORPLq1DWgSi93cxvOh7ehQY35NnjRr1cn1RhiNphsVLy3QgrBfwOGuI178dIOHNZ2M8VrMoLV8DbUa8Mhhzemo7MenPqkdQSkdlSeno2ondaS149jjqt3Em18Kgad7q/ibR3496VuMs9206/Lkm9ItMaU/TMSwiv6s8upCTN3lJYhWBUj9mpUFsZv7aczWn6GRmrVRIjWrvURq1t8CNWvk86uV3zWfXwQQjwDiEUD8oQKIG9B1EUo8QolHKPEIJR6hxLv7EKHE2yVCiddKhBJvlQglfm8CInWJUOIPG0o8wlrbS4S1tnU1wlpHWOsIax3WpghrXSv34ZQeYa0jrLUuEdY6wlpHWOsIax1hrSOsteNXEdY6wlpba4uw1hHWOsJaR1jrCGsdYa0jrHWEtaYSYa0jrHWEtY6w1hHWOsJaR1jrCGvdt10R1jrCWkdY63qvI6x1gDwirHWEtY6w1hHWOsJaY4mw1lAirHW7RFhrLYcIa22WCGvdLhHWOsJaR1jrCGsdYa1dzY6w1hHWuv7N7xXWmi9buaYm9HE7LIFgi+u/6oJiPrFPaXUSV+ukG4vZCmO9R9XwZ4syL/CeRszwWgPNwY+A2r0Bte8TAPo9AveWON6nooeUh7kOjPc6yN2yooi1HbG2I9Z2xNq+N1jb6WeZmP7Nl+1vf5dI3IZMnn/9je0Bfza/1+chKj/AF4NN38OFEXG+I873bw3n21hoX++0B2KDC63XUos44hFHPOKIO5+OOOIRR1yViCMeccS5RBzxiCMeccRrJeKI+9ofccQjjnjEEY844h5ZRRzxiCMeccQjjrhZIo54xBGPOOKe8nvDEa/d17UvMWuP6guF9o2AWX5P2OTeK2D1VEQwvxEE887LZn5sQ+KPaOitEtHQIxp6REOPaOjtEtHQVYlo6BENPaKhRzR0s0Q09BtCQwdkXU672CQger1alTNwUVwmcEpspKrSQSldQiTXksCdAPAXnwIoGIXjI8/xnteLbX8pTgRndHDVJ39cV3VEYUg0TXZ17oqYMs+oKRCZc6UeQoNDdCAHBDXfRKpF2T2Tsa3XgvmNkPUPHLIeevIDJNqJRQER4hseR0vV1xzOyzTHfBFE0BVffMI3+BQZITxPMgqAH4WPMletBpprWHOkI39A5A9YRv6AyB8Q+QM6sx34sQ15eiH3BWRffQdRfZtQrfUalfuoMoKATaxyMSvyuZDWhDGuM9h2CItZ2n+EiagBTx+FzQYzjDcDBBIx6CYQOW+jyWKaavVODjYI/WY43SqbpXMAhaR15Hl1o5kqzVd2A7EP+aUDmmi4uITCSScz3Ry5ekFeQgpHNXn6nMH8PtE3Svw8LCZ/zdLp8uJqgKnHk9XU/NAYhQHhrngql8qCXaW4TFWAvBGwPCBR06ZV5ayYMO2HLJVxDmGlxdnyUlSxfZGWE/hD7n0sq+pffDYLyhE9/TRvJFSmRAcGAGrQP0LpAG4NJwHMhS7Ug4OqZjIh/WvAthcNeXuFQuZpfas1ktDQgQmjAo1Z4ZSmpPLnhui7zd+DOW3AjYVlrCHR+XIpc+SNCTAAeH4emTfpPD2Hj9RMgESDs/zzgGQhRgclF7Kyk/N6CwgjJAMcXwXLCi45BpQd0MrWUjBG+nHVWjfBzSA5SKUPEfTpmPdOADM4n0KGM5wGddO2XtYWvZ4lL5Kt5J/dCLi64GhfZNMFqa4ZLNeMIeUJ4diEfK6S09XpKYLVCluHXfe668Ul+M1Vesq2fILV1FN3Q5zZcrLYsAhqU1sjp+KJg8GqfYaNAj6qLxipY1O6zTPniE+QoSHA6l0nHkxua68Dgk1qlRs3LKnRRVxXaLnj3IUH83ljIPXTUyu2bbMcNFDMwUTKqvnjJYHjDsT4qom9lMhQlTCbvLDmurwtlmLn/4vQ2c0tT74P1ZL6l1CFtHK+LCd4TXJlKvXaVppWTUXQ1RzDpPlyx315zQ+HGDZUFuB2KsVA/8eTn9Lhr8+G3/785Kch//WF/Ojpn5/8+8j7/dMvtsVDT37aHf4bf/bTUP39YfTzF0//bHz39B+7rtVCw4EWxTT10Q/I0ndSy3pbWPk4yfV9nryEqynU7rn1A17RGoDzhwXwRnwSev5tJiYEAIrDllKIg781X7NZfoTdgZ8ecA4PuSA4h2dVqsUg39Vd666QAz2rBQJuDA0tbqxaFVwEGwXghJcrZVMgv4I4HZWzmuUa0oK5lEf/FiAE1TWbkM1Xs67JNVQi7XxQju5m5r+f9Uu+szZ3fUZhiKtdJ3tb0pnrNdkyvnWp+exB46PjHpIJ3b0J7Uu7bmrRzMF/9rvjk7vVWKjITeeuP3LTRW66yE1XL5GbLnLTPWhuOmN33Xn2/CtX/HvA7hpZ7q7NctdjsNym0CaGKjLltQvMjI0x5Zk+EtfZJLLpRTa9a7Pp3ZLK8LPytW0W62ORvC/pT95nqWIPEGKhOZPmbdVEfSOJB84LjjTBK5VZ8Uk6CgHm4/PSyIMZJYdwDoJWZWYE68XqFBef4cao8vNq27gS3z6dFqfbkBRFwZlgNReVUDbbz8Hm+HbnmyHfrDBezjCfD1+KnXOoFt9oRgECM4j+lEAprb53WjPXxC79bfMexqkUNhki6WMkfYykj5H0MZI+Yomkj1Ai6WO7RNJHLYdI+miWSPrYLpH0cWOkj+vDvP9uSSE3xv9oj0IZSuwe2zcGK5bva4vghpJe0vLN8TiF4/P79l29+m6vuGzfPKlvLd9QuqT1qwaNl/6C3al9TpiR5tIiqUhz6a4m0lzeX5rL6FYzyvqLh3MpOhaMzLg4L4vVouI8h0yBlJsEIxQELR1DuXVbFoI21OLjSl6kqeSLH3b+gu9zhsj5/UgB+qDVxU3FOPFwtEOYnMpfV+sJ2dBR8rt6zepbvAqDbe1WqX9yQPFNECi+EKWWIJ2GtBG/1DCIjHCiiuKJ6tND3TH7AAq/B3PADNCB0zpqJONyUeG0v2Q8erFxDpKDtiN5oLKoGv98vzgp9hy3TFCUfTQwzaFBcpTR1TrydEuDZ5Acwj2nI7zbm57iCNJSTl0Z5wJzEa6jU/bY+hPwapJWbJbgZj1ijeQSf0gmSnjcVquHHRH7dxC/BWW9GK6eQVzXCdaCEhqwBSUo7LwjcAtKn7G7lQAuKCdkjGFEEDjbISiI++r7YS2q5A/f/PG64gs5DOvSR5KWU3ND02rCYeMAbUmkuEQ4BWFzpRBcvlp0ifYVho6QPYfeJOuLcqXKxelg5znFemCzWiEaP33+eWR3Anw7aLQVwFlXqNkmzZjrZkEDA67cQBXKS7i2ytO2aci6snsOdGHSRz8MbtcWTMUf7Aelz3QpZVwYbxlp4yKbwTyy0lx+/eID/bPmsCwmqzEDZ6j4wOYWDiuWA56zzzBymU6cEsY8o6roQzjpSdf+TAXjQTjwEJFYGrFKfUMOoZzIekxWVCO6qlvTtEIXmSHYG74IpRGh4Z+MIZmBOiuQk/Z+NjL7Pgxe/PyF8c+fn/7Zl84XpBT9UXdQ1o688wq8IyoPSlcC2DDZgtdt+R/Btvifcbm0dAkHTAsV5E1FBPZIWL2HGahBmB/+zLvA+Dx6lM0c5/ekcJ1fe+jQPGF+UDoz/jqz/boy/fpm+Xma2y+pr8PbC+V6Hl+XSIMP/obXVx3vHZU24R1u+MC/4kNuD/E1f9KW4GoxXBZDsNG6/CctD2qQOHX9jmrrkk7kSf62xOpca9YvWh+SLfwCG0gfLIsSjmHGJ6tT5TiUQ4YQTHr8wMqSQ4RBTsL2hiiV1oiQTmk+SmZ642Heu5O//f3RcDh8ZMRwgRsVYYAqvOnl6+JPO48wNiR5iej00rOwRxiT4slHJt1wi1ZXGIygRBCJBarL5yCj4TgdwjH+Bbiy82F1VQm1tU1/wxXr/HwIP6Qa1H3gUJxORqBVTlf5dEL1yUzg5NOz0c4fRjDUJjUr+3dHQhtRd2T04AsTr+oRx3poqLDm7x5JEk+8Czfu/8E/JWbQ1Yvkx+z0oig+4qeX9LccyfE0F9Y5ebGM0aUkQHO5UitQDlzFkJ9qPEQxGab0jAcWOP7b1FQ5SXXDjzK4w+ZRV1NvmHzaMf4EFzL8G53IL1pyZIlJKTNFrPz3sCFcDi+qAaLClvC9+SnQvuM3i+mqTKd6MEjOF0WJRCzqFTMCbgEXzGqalur5R7CMCliPKuYE3NqfjP4Oa/S8GAP8EtAd56rymrY81MiFLKH/FBu8uSA1uOIjcyAPmx+3TJXGmxTzC1nMMu7vJCvFUQCPdNt8h7zNl77bdOcKaFaWtpEGwKvresOMT7ra1E6CF02qinGONzR8C6DVvkNC/NNaK36ofdbVDsTWxbg96+tnzteTEDiydzTXGeDUCqjXSAtflHmBeV/qyNVq2MS4ulLqnCr7tJNOhbiJLqYaX2QzxcIupuRcHEt/+PK49rHPC2DAAcPuTD9UJ3mVDIaHXeNnras1PDdo1Ch1gcbnL3WPVmZ4eWbcWdkdxa7AX78/AzpvAVvgmQFZ8tQ/6chW3jCduuwKcyTwr8qIrwXNhxkE50BkLetWoaUcmIJLH7Kb0RVgyy2Ag32ZYZQsIDiq+sgH0WzHDUdeKXvBYpG0zj/tiE7/8GD0Jrp1mSmc3CNqFKQ/6Wj/+MTkl1d0S4b70jU+IE0hHknTpOA2hU7jWHtkCMrRxbc6neVLQgjNqqWNq+klmhuYR7aYpBbknQNPwusdxZ86Rss0opoPt2EoWozidX+LQRguoUyaCBSh6BMe/u1u7+Wm+bY3yrPtvwMb+3m1gy9Rb4ZH+0b4s3vyZnewZdOmEsqS3X0hGcJGdX0mqhCitm4GqnC//m0xT90t69RdM07dAdvUraaf3C7L1NoMUwGLy88sFb6u+jJK3XkyShg9Qzhbplc6fdmjbp85KlAYHYxR/STSmynq1lmigm46AtmhwmVzk6xQ9zZVJUjYXiaocAH3ZIC6dfanMLQT38VUX8an9klIfRMkVSRerqE910mZtWUznharyRBc2SpWiV7ghGNcl6nZUZ3prDkWQwPLqUj2auTT9qZ0DEsIM3a4NG+eCXuTDNhe0Xhmq5eV+pps1JJz2tJgGwv1NWE6XDzSwTAdG+aNvjG+6B4gFZazfLc4Ns7hvCZ3c0cQfcfp+Hon4w5N03EiDlMyt3ESvrtT8F2egG/59HuLJ9/bOvWudeLtWDTuk27Yeulzwr3j022HJNyn2jBJ9DnN3u5JNqDjnhNseO97nVxv9dTaiZkXcFoNk8NNnVLv6Qm1Q7DOk2mYMHucSG/1NLquXd/vBNpNY9stxdunrT25uEW62hugqfWMrY8JtXsobpj59PYZT++O6fSuGE5vndn09hhN75rJ9FYZTO+OuXQjjKUeFeVkpOnWT9dnoNk884yzpy5+FTsrjI93xc8Cc8MELMHkK5OJ0FeVzenSPbDqx+QykmtVfwzY7+ew/fKpO1jnj4tFbZE7vEja2l0XhpTFtUtN1i51E35UxiOCDnLkRHCX1wIZpZ8GZdbzswrghndzz9uhbA7MnZgSrS/H71TG21+Lagm2rjvdbZ+ZZg8OwYtyMJf/WrMTfnBybqP1u83Cjv92+HyqIDKfSOQTiXx0uQY2RCTy6eaGifQ716bfCclhj9Q5d02dE2lxIi3OtWlxrmUxPlyeGtPvwB4qvK1MmjQkS0q6m0o+EquM6gwlMmxFEdjom2aEBBTL/7RQ4CKKlsTWaDGNp8X5Obp8RW20w5JLZEGbpv+QyCYO63PoLO5QvBlJDh2JBGk4nq0SrGFGKlwXcjGc5Z9hx1ktC0SiQV9DYfc1oYX0BBeLNJqFOSBGBWYzrBl5vy/JYTiiqJhlS6Sit4K2nglNncJNPb76siykf8cYksd045zoXdpImrDe+9bd8QP2k6Xg352vxKxAbxLf5JhuP+VdtTUVtKycVjwAl9IUzecUjSDU1SkmezK+nhi7JULm0Gy11Ao9G0hVpYZpJebKAnSAdmOb/SFJ2O/kFqDqGLRQ3kfkyyqbnomGookstjEe6lleqWQcO9LnLtwp4MSDZWbOu2IsdtVksio1VhEvKLWnvzGTgOuFdSVhWKYVLWMVwSDXIjvZxfBt85pS4KG2OlWHHyNQ1WLVL+RowyRJd6SsqtV4nM/HywZ9kkNPaYjYTi6lqKCigooK6i4V1IMj7oJD9HvK7u1oqPGkhsOrtItHIfgb0rc0s3Fqt+G9djtjPCPAQARhRGRBPGREQ0Z8YxYvd4wcjZGjMXK0XmLkaIwcjZGjMXIUSowcNUuMHG2UPpGjv1vqLHvgZRCflgqUcPNpJcn+6HwkE/8GkvBqYAKjDRKNhHbbkVvSJKn30DCUjTCu0kHWlaiEt5Z9P1KkQ2ZoV4r/whP46er01MrWBeCg8oZHBQvhkaF+CLWJ/ACvEchSBo8JR5KRH4QvKMBlIwZlCLdsyfv/QwcRhOHhMe8xEv2ANc/gQoo+kciaxkc2aE2Ne9kbAJDjLLimJrRdO8SNsODqv+qCt8Poh4n0+FQ5kj5DSmXdz9Bug8Lul09DTaK3s0WtNbvndcA/Bb0awQ4j2OG1wA5pN4lgh7USwQ4j2GEEO4xghxHs8DcBdmjAn0TYw6B2RNjDCHsYYQ9RJhH2MMIeRtjDCHvoFeF9uBoIFHaEPTQf2DDsYYTsi5B9nk5EyL4I2RcDr2LgVQy8ioFXMfAqBl7FwKsgcd2H01UMvOpj10fIvgjZFyH7ImRfhOxrvz9C9kXIvvCeRsg+62sjZF+E7IuQffUvI2RfhOyLkH1miZB9EbIvQvZFyL4I2dfVqgjZFyH7sETIvgjZFxGxIiKWpd77iIgVIfsiZF+7eVFBRQV1TxRUhOy7D5B9BxAvscbuIH/L2cYZ3ifkk2p7BSETMLNW8/y/VgCxwRK4Uq55a1Ruv+ANvGXE/27/A/yqVWNHkKoRCxMQnQJH5l3jJ5AlXdMW0BD3MdN9tAGnsS2UoNUCSNuEy3vbi9cK+lNRjUerOcyb8Linl41fSggIa9vEH2WxOneFTZZcBeAZLMkj+SQDTBzVvImYCDujr0bPn64X2wgzaBreue/xeX+X0Nn7eIXxo8PysaNr1I8vRzvfjJ4Nn41OF8Xoq2E6m3zz1Zo9EavhsCw+X4V35rEJIvG9/L23cyN7dwLaNs2WPcRMP/A3ZZ2WsAUYtKacnp03shJ7uzCEmrSbtjhrcTyOevN6HkHdZ7qgmHOwil5naTmnczrONWFGPfn6qaNSbsEwn5DmFOtFPP+HUVGebwsLe/UZ/jlcgOUIf329rX8w+np0sZzZYhQ65czXOPPz4yvRl1mgDn0nf5XQzzamR4vqYOa8Sqg1491xgo96lvZ2thxvF9WQkVS863svO82FbfXd2/fbr0HYyR8wmD379erpesu8QsG8f3+9GXysatnwFNZLoz5l60EB6tJAmAFH4tV/RaSDaunyNsodnxIeRqJGYfKit1Ts+quZhI/ZzubDVbUtvv4gvv9QrU6VLD6IqS1GFR7d3tmGWb1dXlQztEb6D4Pb4zismQ6Wr2lHt3zh2HAtT9b2LNv3jZ3A8YhWyJYHlJ60fNdY27YnaLlZvtHT12GIWt2uETtal5jCFFOYdIkpTCyHmMIUJomYwhRTmGIKU0xhujcpTBE7uvXDiB0dsaODRuJ3jh19S2jBXc34fUNH3xcA7zuDsJag0KeiP4R/sw4mdB8YaFlBBG6OwM0RuDkCN0fg5r59r1USgZsjcHMEbk4icHMEbiaZRODmCNwcgZsjcLNXhPfBLx8o7AjcbD4QgZtrQe3rAjfP0s8S9fj511/aH9HAyM88A/KwwZ+1GL5pSyFCQ4dBQ9cm0zcbE2OElbb3M8ZkxZisGJMVY7JiTFaMyYoxWTEmq11+3zFZCAkNCQJ8K38dZOl6Nepy+aK4TOCc0QjCIkM8XS4B14mgYgCh1QjCkdjQ7rRYzCRJ0jM62GTm1XoT+hVCp5JdHb4ghvwZNUGcNcsr9RButKLhOeAw2SbCHsFZo/mw8wwOq4XYDHoFVUUs73uG5Q0t/gFCnMQkXoo5dM1xsVR1zeG5THO8+EeUZ/HFJ3yD/eSOYsd3UzpW4KhxlWrguIaeIxcB0yNgegRMj4Dp9xgw3fDAfb3zfGMeOEAaBVlW30HUzDoqrl6DETetw3FNyF8xqvlc9H7CiLEZqHfKqZZ2EAGjaPjADvgjDfQ3STCnWQyaCefL21OymKZavZIjJfu8zBiUsspmqRjcMc97yysbzVKxj7LZ4u8r+bIBTRBcBEIRpJOZboZcZSAf0eujmvxszjt+j+gLRcIdFpO/Zul0eXE1wDjMyWpqfmhIe0CR85ZK5SJmlxeDPXE8o97QoQYQqQkUhCNYAQITDTaEYRVny0tRxfZFWk7gD7nXSEiff7Ht+Sgv9LDSfJA4OBJDE/D9QC8IZQCZBrhuhKEndJMeBFQBkwnpQQPcuGjI1SoEMteaePAK+hUdUiB9aMQKpyhF0T43ROw2Aw/mtME1FoixFkRny6XGr1IDPECMEhqBN5gXXhojjWnr+WeCqYJRQEn5VmZyXn8zjjbl1cu4zApcNIw2PKCVqXtdB9dqroPO11O/pdIV752mY96jIB77fAohnHCa0U3aellbtHoWvEi2kn+WDXWq+YtsuiBVM4PlljGgMuF7moCnlcqzgKyKegIFoEJdzhH6n8NVt+UTrF4sCAm9uABqU1QzAqDFzdCsqeccmdQnvNSBKd1+mGO/Dka5qvtkA0iztcoMT3ZqdAHXAVqwOOeQAGDeGBD9NFgf7tvtgwYGL5gUWTV/zBn1A8itlxNyyVdqQm4rPyivWNnFMgMwI9HSxhYj34PqQv2LAMvETP+ynKBb+spUrrWtK62aC9bVDMMU+HKnfRnHD/kMAioLcGOUYuD+48lP6fDXZ8Nvf37y05D/+kJ+9PTPT/595P3+6Rfb4qEnP+0O/40/+2mo/v4w+vmLp382vnv6j65ria7wgEUxTTcBhi3raSE14+TU9x7y0qKmyNxz4we8qjJgjg8Lwl8cJG8zMaCAxAgquxAHUUu0uS4/gvblpwYch01H4dNMmOq5UEZq8sp3uGvbFf1lHEjVccoyMw/wvKpUsAEoYgDDLFdqT0YUb2Htl7OaRed781z2u/+bMfNrzVdn85UD0QeycqTInA/I0VpvnvrRnmtzzWYU+VykYuEf4P6SfNk+AbiBnxu+VdCc6GD9mF1ZdH9XG9t10ZtnDcKi3xyR043EQEQSKOtrIwnUwyWB6lgn/FC3eXLPyaQGBpXUQH2+9/bYZJkS/1xvk5ItcT6gG+J8RLevsxbRzs5q3M9Exqz1GLNgneJNQFbtf17k5dWe+HMdzWivSTY6w08wMbl52WD+0Kkm1QUMOkQkvnjdrabcw61KroXwq229SCoWScUiqdiDJhUzDIOdZ8+/soecb8Y0iPRklretO1g3a8VFirN2gZmxMYoz013YdhtQiTRokQbt2jRot6Qy/MeJts1ifezWWNdkhN46Zr2K7rP6CcpsSpu3GCngHxAzq9O6TZJ3oDsYaUWbV/IO+wIvjyZGTCQCHqH2olA1sRogrAu3QQq+4qArus20+bX9hqsKCTyG37vN1rDV3K5NxbBJ84+cidSZMx0Rxc3HroqfoGsQ1wCx+LgMOk4VscX8ZZ/HYld2e/qvORTSrsXWX6RgL4sqnKMAJcxK7Vh/MPyvivJtI2RwI8PXVXd7MM0Yw9p8nOH+S9JwvM011OagOqIiu8aWfoAhAxyhiKchFSu1qlbogcZIJwhYOT4ABTvNFFh8lbSMiaWEFmsXTI9k56xyY5IHMfllRGbCiPpS7S4pSPIXMi02Pz29Y1Ld3lz1qOxIhhnJMCPXXB655tr13hrXnOU5k/CofkU1Ud/Ibeu8YOPvlPinPqkGJPPs89LIOB4lh8gEA2HgZo7UxeoUzzLGhW6Vn1fbRnDq9um0ON2GtHFKEwJbrqjE2W37Obhwvt35ZsgxVkMyqYf5fPhy9/BgqM4yoxmF5qKqkhBjrb53OoeumaofeUSjbjeaF3V71O1Rt9+Sbo8kqpFENZKoRhJVh6MhkqiG9ySSqAa0JJKoRhJVbzMiiWokUe0chkiiGklUI2BfBOyzlAjYFwH7ImCfUxIRsC8C9kXAvnr5fQP2/W5JVDfGl2pPFxtKJHjbN+DfhvXa8bVFcENJx2r5hgAT3V9ZqyOWR8sXHP/bx2HNGCwdgpdILedlsVpUjJOSKRIwCdekb4PwFmOCBpRlIgl7yLgWpAhndWH4w85f8F3OdOROtjBnklOrXz66MJkB1ZhuRl5SVcMUeVzVY8tcCul7GCIzywesE7wwNCKU8SZmkLxfnBSQfDbQhF8vmcgMvz9oX98M8LBGf7q2ZPGAwjySM3CQHEI8tDOA7cDoKv345UU2/oiKJC3PM8a20YB3AzFNqiIxnj1ejSnOb5C8AyyYo4xTASY1lI+SJ5GrJbsKCmuqAEA4cU5eVmodhU6a7wk1imFwDvFRnK9obJ8VwLaGtrMNZMt1bLEiSLWghjrgpQbJ/nI8af77TTYTewF/ZBeDM7MOiiO7TgU+ywQluGyEkMkUjjhLN1gXldrsVtSgcFg/YpPGNWLdRHJ9Eu5aPfTyuNxJ4h2U9ZLvembfXSfLDkpoph2UAO6dzow7KH3G7lYy76CckObCVC5w3UA2F/fV98NaOtAfvvnjdcUXYtrp0keSFhuwsbNpjmbDHLSAy1wiBOoyOU0h1Hu16BLtK8z5gXSuMZ1mrC/K1fYptPrOcwpHwma1cmt++vzzyG7SfjtotDXHIBJQVhN3uDcVNEDA5wmqUHpB2yovU30JWVd2O1iXWT7PZ8IWdVAGUfGZzbr4szSh9JkupUzo4y0DAU3Py3SGMWY6BKM0l1+/xE7/rBEW9WQ1ZtBbdfvRNJtgxZKLTEfFyaSw+UQiHFfcHHmh4kakgIIBg5wxCl1oJpn1zRWFciLrMXaE1EiL69Y0rZxTjiz05p1CacSC+idjVzYZFI10xkBkPxtoZR8GL37+wvjnz0//7IIogxKkFP3pklDWTpn0CrwjnRKKD3cEyjDZgtdt+R/BtvifcR3tdAkSpS/DE0ob6eUGUjkDQfeg3DNUvUA5+5IqoQQmVtKjbOY4vyeF6/zamZtJXzvyM6F0Egh6EdR0DXYUNSh9kNQ6mhsOpObpmPWL1odkeLxAOD/6YFmUYPMan6xOVVSn7AprseRvf380HA4fGTeicDuK4MkVel3Zdftp5xHewSQvkWNNnrH2iJkC7qBNovp0LvaD1DiwAhjNkK7wS6gun0MHhuN0CAeaF8kYnL10t7xNf4Pjc34+hB9SDeosOxR22gjke7rKpxOqT+LRJZ+ejXb+MIIJME1Ps6l8PUXkjMS4UHdkgOgLE637Ed+uKIiAbCkMvcZPH8HuD7Wia9pwxIM/RNhEVy+SH7PTi6L4iJ9e0t9S7OMpRD2T10TPKo5+N6cZNQRFwVUM+anGQ3QlYgrQeGAB18zJNjVVTiLd8KMMnMs88GpqDJNPO8af4GuDf6O37UVLlCw0KWgQQVGqs/WwIV++yZOukeOMGgVL5PvGF6/FZ/jlYroq02ltVEjgF0WJlJ3qXTP+Qkyc1TQtzZ+IL6pxAWtHXQGBL/CT0feh4XE5LDGg/yVkOM5V/fV4JyTOEDvuKWB5wMXtfMjR/EsTyZ78UTI+R3ukqkwOyH8KjYkBAep0AUDKwoyVipImw1H9w7Yd3tHAVDr0dNuelBhjjcwDywSioZZgd6G/7ph4ZJ46G6nqO7K1VrkP120uNS1EjCOPHEUd1uZhF51NmxhxlUqN0g8/7aTTxUVKfKPV+CKbpXLhiOk1F7b3D18e1z72HXX0dJdeIPqtOrEYk57seuPHrawDNJE0GLfKLWBTU6UYcOCbETdj94m54mT8RzcQgQXjk5caIExSF6XPTh38NbyWK1aAXJyVEZoCeg3zRM7n+a+qbhWZwTdKOePc0akHs3caNcMZpswwxAQIKVR9dNxqtuOGrznVbm2xB1qmXjs0wj88GApBQf2UU0wnQTUK8uh8tH98ovHRTZZe7alxjQ9IU4hHxcDKrPVsPuG4LgyTxQwgYZ3M8iVlTGUVZuw0q32J9gRinVDSRfOBAw8o0x2FczhGy7SSmg+3IVzZ1HAMLaaw5XUE3SZ663HWWERu7/d9YnZeMyGUKGIOC6Hvu3KN3Kgs/Pua8lrQRxJOQmW8KJYh5opDL/hEHI2BO8bhQzH52raOhCoqZlsjC8Y4fzdItt5ml2JlbIm/3gmDV/zVqtV1hUxVWL6gKi1f0Bv6CL1hMKwj90YVCtCV/JGGUcDkdrg9UpwKsobA1RtD/cv7du3ZQiOgayCeJU9afNyGe02ZTuBtLiCUsILwU0aQv2rH7hsuVyegt92HKm2/9Qh76LdqVSrBSf0gn3AiguLOgEqa2KUmwgwHezqvLoRQlpcA7qGg137NygI9lKu5ClHspCj0xmn0FFYllt1YaOx1hCV/y5DTcFxEnivKVzYsT0w6pumkWdhYkEAUZg/3eY0VgvsAJWTm4xqEbgi7NJFEXo2bYlSgLkVO5WDZpIeT0xhoLMH8QVc3HIU3kJXnj0ei12z/A/5/KMXb1vn+C1jsyf5nMDFqx1LP8DZ/UgcRp5FVo83usJnNfpHlBAdYP0cBEW/3XGEA4fffnouOXU9LZRYmf4OzSN2G0NQSVi3MNuYOmnOUPz/sfCkijfEmJ35tTNXrXJ+LmoL9uvBWdQPOS0Zf9Kkupwux3hyRo7LYTAnj26ArT5baxi465SgY15s4To8rRnkT8/UiX1AsO6fZ+geACpkLsnqaoQdziLdZwv/2MTECh3OvyCrxKX5ybflQ0zYlHVaKOQJ6omcWN3njXFKNJOGPkqR4+gDB6qir/hlh3phB9agsTzP01tBlla1+lp74hym8NV/Fr8Hdlb6hQy9RZTHcQSr9h634ynqZZeV5Bn698YVvLL0KidsbMtzdXnMqLoe3NWJUlu6LCbFOnN/J8XI80Hlf0P86oKNLuAu9NrzOzWK6F7t0aOfohC0zo020hczSBSyxv8FOgbP172Iy5SVwf0rCNvM7zmg1qnG+aIHYeWJExU8zSt2C0BWCvaNI2PouDVx0AG0G+l5lFm6Jf20NPJFf5jLdOphvDRSWXm3xqc0RM1m28LutUe+NPQAZdAMh1NJUW8eKlb/VPC543sYNlH59mtXpMWoBsvLYlNuyeYT8VmdnwtKHEVRni5TwQDC8wQpD2sjUQqt/jNdGBgou1GLQs8lu9M7lsztUwuVn1mGAjcwnaTlhYT6u1BN3lPcgX299e7dB1rqOsz7UQztBCdo/wo0Bo41sD4gzpYwlnqCSIEclaBq442QmcCREVE5KBGS6slMiy8LUwIoSdVkUU5yjWCuqkzIT3co+mXjMagaADrnC6Ssa7HkNHiXJZzCfGO4INAMRzBOdRRiYjvGXfIzybeuNaWY/rQHS+VAc2CdiKmmhOmvt3CgTmZCR2V2DsoSPtVkfD7Zk7lIMqJK/iw4BRJ0qxkj+VAw7pbd7XoM+yXdvX/9rcvAK68H30VYDGKfkUxZjIHnZfaI/OGvgOUADB9r3KabMqjQIqti7LfWsGGTKDPKtqIt0ritcpFWlMu9p6mNlGMeOrgIABtOrgLP9UWN/9vUE9kDFRE8VgzRQ0PBiTPPlmMzVFLm3GtLzGcIY6EaRq2L1zgn6isdxij5d6SamlmpicyG4WcrMytgsz1u4s0xFTPPDiszlHD6dUivtBzm1JiR/Si0fGC9wkYDL8vbdCU8DMRxfPfsWmdswBVuTkmY5RvLxY8+f7SQveRMUJs3Xz57RaB75omig0EWLAi3WQY9qHmAfxibq31mxmiuoMYzZTqfTgpgoFR4xzlqf8pRcjkDq+8Tg20vPlhyhiFVLyD71wiP4xXAXn7oQIkGKXc+LdvG8z0zN+VkidQV0xutrlOWGt2SxemaLglIOPa1wIMOR+gGswjEuND82XFq7tnV3OmBLnnrOJ1Du2AqYto8q7A2wOlJNkl0htaI8T+HaFp+ToSi/+vTIEwwKoR0aPU1P1TacvIEzPLpVlSuT4hLQDlY5LEz426ESOXhno7v71HcgC9rY3cnkUMKHDZWN9HewAlJoDCpKaZQcaGBMJiIH5QfDqw4GkKi1vPBAikFBRAJ9loD9BnTZJcBB0L6LxAl4oWzqdh1fkC7AbC4h3yvxkPFBqWGZjpQiEj+epWUO2mku1ABspsidhj2C6FSlIHg+miCjXv+ZDKnzzZXOK3Gz9J1YOp6+4nz9B6ThOnACoPSb2IQXYN4G0yc8wTMgyLAsgFGyKzN3dC1WxFpZ6s4TeNEWs0Nv6SooFUV/wUdWoQmLOUzRRjiNb1q8FRMIkmdZ4+GZxrTGACkY1OOEnNO6F0Nto6koHhr1M6c/DsoS/T3yddI05pwB3/xlwabJ3tvjD693/7L/+s7WhsZweEiLoqAMV+mR2cTSaFSp7nD41k2O8iRbkHKU95kc2QUW+e7r1+o5NhPx55AI63kzntko4ELi/LDXS06pc3Fuh2S8MezN6KdSBwCJjQS7BoQjY8NMxGvf4QYTHwlLqbxSQDrY5iZoVV6ZdeqEcgNDmaG5M/pFufImKZwg/NBYTW1ED8QTY4EcnaIvnMSp4BDuy/zsvIzoc2X0rjbttJ83m4PNUGNREg0GDMqrYqUDdkBel1b4A7PIOborn5bTRqp4nq14XtZ6MZWxWDjlAQzLqw4TPMZzfDRpWklXV/JZx6jcS+gCJeRiFkoX+pku18NB0yXwqknIY1qMP+II7zm5tTxN7Jg6UEANYMbV7ts9BS0GL1Q+kC0xgTIIdp9PZCO2hPDFiUgcJUpKfu58ja5Wr1jWWDoaUhxphpyGh55HwA2courorL8GzMNLsmsUwGuQBYV51M6+rEuHrEuFOLb/QYtoKGmCOl8OxvGFMNHRHK/rZ8zdEosgJbNgeWGaFKCDMljVY7a+9MsVR1F3180IpDMfpaIuJwXpZp2oCd6VCmDZsmxSgQ0GA7qVLCDqvzIXBg69/7oYCubtX+bCJvrq+fPkyfu5WMIAp4de430xG5ZXT414bnIwhi02O8J5vei9otcqU0uoARGFm5+KvJY7UqcQfAA+6/bMDRfn6FOA5ugDIafLHYPJ6RKsg/0+ASp9ZdcHdE6XzYNledDndAmWlBM2TJe+guoBJabLDcjJiSmmS6CYuoI8oAwNm8T7GEx07wMdrpxh4oILphLgMoPS526/Wbk74KTj5e1kAFnCJpmZLSARDJRHzEwhOM3E+SsvSvn5zM04CuWGNRw0FTH+PKnD3ZbvqQSs2sTJV1VGfmq9A6KbRJiw6TShq2uOURdfpotqhfENnnolgFmhfIV0GcYRwP/vv/9vpd+9gFPJLAOMnbyauZVE2KlgzDheFojm9WRUq9QqJy1FmYw7rJqolF0q6AJxx0FodQonSVfD8T6GrazumZdtSpF6IYcy0oZv6zBLCBPAVl5pELTRHsSOgBYtVj61QU3O0HwksLZQ2yf0aNfncLe5412PLbMT/trZvoDN83Zgsc1ydxDZZrlLuGyz3DJ0tlluEUbbLLcFqW2WteC1a7IKX6wh56h11ul6Z6l7dJrqJcWQE9U6UlzvVHXbsN5m6Sm0jms8WdaTXC8YcLPcKiS4WXpILwgq3Cz9ZXhTEOJmuadw4mbpMSgB/oJ1BmItn8EtQ5GbJVhigafxdc/jSeKOG1dP9BoNjCFXN1IwIPqQA99py288LVaTIcR5KJRQelFH1heauPN8OjAPhjooDwg/5d0Uo4dL+OeOas0LwWMxtLB8iwQONsfZuMwQZ8fftMBhndSq3LT0dc02YIIKv+WEXrhysQ0SD8RNjYOvznDQPP+q8CI5KHFdD9HBez+PWA/edMwgdMcAeTCD914BIt+Ec6dWoZQFf5hM6FMzm6aVSOO9jHqjc7VTynyl2l6Zb63MHIeizinYZeQHiKzJsuvx+YSLrVWp9PlwOFHD+dNIB/JUXGDcPEVpzBuv8fD8yhLmOQn1mmzGYxKoKQM9Jf2U5G16SO7eO3IfPCN35BW5A4/IbXtDruUJCVyE3R6QfutvHc/HPfF6BEqs29vRT2LreDnuxsPRQ0ABno3+UlrLo3En3ozgu+MeXox+8rpp78U991wEDkCnx6Kf0NfwVNyJl2JT57D1PBOAKbdXil2X0/s2ksfQqFMebJYIuprOAMQKh4boZzTLhoxVxmNOBXGtYP9MoCradt1M7lROMLIAg+/YaBKvfjaQZAj6ZcjPzQldWD+ntkJrxYKjpk3zWc4Jzd7Mhncn+y+QWarZaZWHS2GYv8DwjJdTemMyRNYZ8egv1zlgyVOJi+IbSvjQ6drkoNWJvBO9qOSZVGX3ct5t9zGpzudQBxSTv4YXIdkKmm96zNigrnM0yxj4juCRxptzIz9MtP0iP4dk2SmoRYTjW82YgsNAlR4l+2Thw129mEAVzjB5XobkLcBi9FCVMNmKUSV0U8kseQnhhsPVIpkW50A2Ql3XFUMmtjA+Mw1JDL1XyJBnaPF5AwPU78RSUNKmXUhn8J5ncGg5B+1eEmbG90q10NtGyY+WjthBI6hgWpzok2jesDgbLsvMGG5EhVa9HDTyp81xMmSBSQK+kzaEtkq7P9UvA6Utp7FMIZFigTh8DJVV35BwRSsAZCGvxVT/sYLTPCVs+9pBCc9zPPfB8OUVEfRMIJ3CGDaEA1ZS1yMFIGslLLnyI2f+UThw4EyXbiMGo8AZhQyRiOVF6YIw3dvrANY++DPw8FkTvcR18brmKNL6LMVTk23iyznRrTQCVOGnLsstXA9+smBKy5A1YyU4iRp1qSsc2IiWnNxi5LNL/Il2mJJn5+mUiD8acqjf5vje8NM6nmg54qzPrYdrZG+9u1VDlTld+9iFdmwh1rFR6SigI4ZRuQbkcQvCvgOBqfV8G2hVQ8U2QPzNEoK7r1mifAig60Onsk/7jYsir3tl1muoqTTeJNEBpUy8kpnzmCUBsF4KIag2PHGCiO7zcT6VYOTyhgXZsOA92qmIiXBi1Z8WirkqqVb50uAeaAgMNnJMloPaiMaPtO3CnkviWdUsgiMH21mwDKmCuxJhtRqL7WAsDfQO6UkrEzeSRZnJRGPL4wd9+tBssbVPtKQGQlGKnetVTXjQsVfOKTmqP22pXD68KBYYqquQdRziMYVhqa4uHgC7y6eZtYH2uWypsjG7Q+aypRZxIqsUWzL76DlFDeYdqh0mgxI2WlaWGPcKg2czJc181nQsgTnANFIUeLS3nuWfwWw1wRQQaNlSJx71nqB9w7gZYIkJeVVPKf1dXlBIlBm+0i1mGTjuz+1p9mer+SSFKwZ89WVZSAPIWB0nGjQZ4+U1b6ARXWx1TJvnLzPxlwxNxCWbr8Rkx2nBrhzTjlbHGFvTwTCWq4UH5FLiieVzulYhPChNBS3Gcolsg6RIbNNJ9HBQw1NJMQuxWi0WRWngNtn6RZKxrlE4BFa5QTRjTpJ8KWyCM9FwzFYuczkVZnmlot4n1nm7C04AnJigTcx5WYzHq1IiqZJ3iTWJSnCQXMy2GUw+B6IKF1s6ait1FWMwtPBBV4zoNi88BW/kXRiPkfZzsbJs376tZSXEgpib2STQPLH9pG2hKCBHCp+359ozEA96AaRU+bOGs0EBUPLnN2OthFDR1mRhZZg9myLWQBsRBjtUWHgPcB8lGlhlcAb20EK16sf9N7iKOjpXe9Y2wmBdqnGWhqSlc0ZXkl29s1cm+QHVpvid0ecDydIAw2Cb9xLUk7ADttCo3drkXAhkSGiSIcD4WkazvTDuI0GBQhtITah09QRtivQUGQnUZLzZ/lTkoKeENkI6YXuSnVD1BJ3EWTNcjTSKTMADrppbgjiXw0VapjO+5vUSDTAbdr39VS/Eq06CAadW7UepiHni9InkVDQ+spEqgiNGjzQ285hbWScma52LYWTkgpaPwoV86xBJFTQftdLGGRyPvdntOOKLazKZ1TBMoHXgJ3K0+q9aw9BkfAMzbyKtqipHPA8Jn1U7z7eboeBY5Q+gMtHh2aLWoN3zOv+c4t2OZH6RzE+R+dFGHcn8IplfJPNrj08k84tkfpHML5L5hco9kvnp4juqYnttayLy/EWev2aJPH+R5y/y/HGJPH+R56/Rp4vI8+dqb+T5izx/kecv8vxFnr/I85fcOcNP5Pm7vzx/kRyqVn7X5FARjTai0UY02oeKRmvgIEVc2ohLG3FpIy5txKXt7kPEpW2XiEtbKxGXtlUiLu09Q3eBEnFpHzYubcRItZeIkWrrasRIjRipESM1rE0RI7VW7sMpPWKkRoxUXSJGasRIjRipESM1YqRGjFTHryJGasRItdYWMVIjRmrESI0YqREjNWKkRozUiJEKZf20U3hL7oinrt8NqAfV2qOzx1IhGKoh6AJJc+b01AF65BvVC9GpA2/T0BvqUgL8sF5HMsWUUTCa8xamy1E8FWN0wtCRhMhz3VzJdo06h1DMBzbFMy1/BV2J4CS45cFmxcsCc1Vwm3TrJ/LFqTBuhXu2mgu9NsUIbv02CHg8B/BGTC5L0XwGQ+TjvLicD2j3XFUShQObCxW6laN4CsaKNC/XjtcEYzi8wZpxtVzOcsDUQBPd8Vyn/p25EIGphA4dV0N3HIRMCiuaMIvkd4TfCfKRNJgED4bSUiPZMVhskWM+AGfhrdv30gHk26/rVIucqfyvM40lSpMHE7ZhEqt+gt3shD4xO61jpnG2QNfHFwUkWYnZhVageBnMw7o9aoIgJOerVLx4CTGfiEUUKGLGbrmemCthpZX50pk8HCpoWY+0O1AJKtSCsRBvVQssZ6TgcQFOqoruETCmNikMIAA4YOczYVfmYilN3U4i1AiYQ0QDKxV+DjZqzojEKSCGjsXBD458U49PDEb1WPaH5P3m/fGJNIDxMgCV0THqsj+9Aii69UfAYkg45M+6U1+10PQdSCSqkxJQmLA5g+T9HFXf2u3CB645KxA5Cw7ASk2b6wqvemA5FiO+9hqJ0812wLp7Ay6Wkap1hO8xMF6UYxFGvCyqykiDw4OIglEjFOPTbJzCeVwnH2kzwtkIndVytpomTypxGh2hf4lR0nQVTynwIj3NpzClENcGAtPF4sB9Kp8Bym/q9i92DJbPTh8mzgSJIdZr+SLA3rZl8UYc+4hjH3HsjRJx7COOfcSxjzj2Ecc+iTj2ukQc+4hjf/cAfMuIYx9x7Kkpvx0c+wbYuXIkKQyDELB4i5SoMXtUC3+2KPMCXWfJzrNa+3qgsd97dPu7hIt/4MD794dToX3hLFRtVYxzfSZtXN05VoW0zOhfXFetST/UPmutVwn2fyo6SJk062D994f3l9VEQP4IyB8B+SMg/30B5E8/y7zCb75sfxvh+h8QXD/NQzFXxHfHhCy7lvStFRHqUEVxCFJzzfERgKYFrU/DgqInq0F8JX1UtgF4WyxFXw4gAEs+lvwPDV70El1nFR3X4G5MHdbmxqGxHkbrfp0/XsWNxhkmMrOO2oRVH4pJBn0A+0C6abQQM+mBclQt7zk64AIhx7pY8vsnAyAyQOGJE970NB1/hEb88re/CetOqyyU5d//PoSPS5yl4l+/eN5gOJrA0wA/5+0t+zzOskklFAnMkjIdi0lR6VacQhgH3qW7Ia6+/qPxU3Wt43gYInzBJyoaMjfvNrgbiGP6GdHgUYclX7t6RTpOKlU1ZNwtDO8GuVL/kudff2M00gcnr2ritYOp0QX8TdZAmYM5XyW/yMMnjsYvLszpX5rj9gtK6BceN+egnSBQLr2s+S4Fe9neXOop1K5Jj75qoWdNP2mlXOGZzYZwtKvVOXfTWseEZjERcTfTOpYxJoGuTqtlvlypKccTDvnD5hBzn4958riGUiZqfCous6lYI+YkpSgb9WozdlzmbLo1hTofSWUgcxsGlE1Mlj9rhXxq77xhFIjJbn+kC4/AGzDgud6/a9IZSIKh43sY/4z446woNamMvq4hrhB1pr8Bohp4D7b3tulqHgYnjV/gtq3+C5n0bvgrjIwBMYOSSsLGikUi/6FRjMFeFGd+V7i6qD0HaGmcW4YWG6BtIKt3/9iYWDIOjzViMZ00nBL/U9V3E7X/L9V/rp3/tZna2TP/RPdA1v8UlO25+OBjli3I24GHanXwFZW9ObYOLcb6XuYVJT7ZtBYZpDxHzJuCcjVHuxZC8mwd4Uhfx8h/kew2xhtvo1iv0A4i6+NqbMvii+TdnGIaaSmY9VnadIl/lRXWJ2+u5gAcOne84ASh+SEjjCZyhmsJb7KBWPIT5H1I/5Y2Y+xLReaWWa1tv0AIjJv7orXtLJ2n5/r+3puoJl5glxNpebERLKlfQkjzx8sWBVNH9YnRLNhsy34V3P3NW6S+itRXRjm5iNRXkfoqqPmR+uoa0onUV5H6KlJfuVsXqa9aJVJf2X8bqa/a30XqKyqR+soskfqqViL1VaS+0iVSX0Xqq0h9FamvdOMj9VWkvorUV5H6KlJfReors0Tqq1qJ1FetEqmv7hloN5RIfRWpr7pqfojUV7UQzXbiRu1RHar5LGBAfx90Wt60F/VUJN26EdKtgPhifGxD4o8EXq0SCbwigVck8IoEXu0SCbxUiQRekcArEnhFAi+zRAKvGyLwgrx9hpnZJIdXvVqVmn1RXCZwSlQGh0nbBdnss8XSgBNQiXYqUPuNEyNVFrHtQ8Dd2ZJThuTJH9dVnQQHUE2TXQ3VI6bMM2oKROZcqYfQ4DiD7JXMhx5ezyvceSbzHK/FTBNZ1h44yxr05AdARxOLYinm4obH0VL1NYfzMs2XjPoH9/7JJ3yDT5FRUtEE2wDos8GjzFWrgeYa1hzpSHkXKe/qKYCR8i5S3v0uKe8MT+/XO+1cV/XYhjy9AIIAsq++g6i+TajWeo3KfVQZQcAm4RdgUs2FtCYMQZXBtlNDQiLESf0bK0yBLMZsMMN4s9H5CAbdZPTibTRZTFOt3snBBqHfnDRSZbNUTI6xH0QESqOZKvH7jUqryK7kSwc00XBxCYWTTma6OXL1gryEFI5q8vQ5g/l9om+EdXdYTP6apdPlxdUAwRYnq6n5oTEKgyRbjr1ylcqCXaUM7c8B8kbA8oBEbcK/4whXgLefcHp8UhVny0tRxfZFWk7gD7n3ScCZf/HZLChH9PTTvOGMDEWzgzn5Qv8IpQMZPJwEAOnzenBQ1UwmpH8N/rOiIW+vUMg8rW+1BgIJOjBhVKAxK5zShKL53BB9t/l7MKcNuLGwjDUkOl8uNYuBmgAD4LnjkXmDYAClMRMg0eAs/8z5wGJ0UHIhKzs5r7cAZ0OZAV2ABHNB1DEmKhswwpmSgjHSj6vWugluBslBIU7IhEnYO2WqmpgA5ZXRtK2XtUWvZ8mLZCv5Z9ngzu3mIpsuSHXNYLlmzM1GVEEmd1KVnK5OT5HLZLVokAkAIcAl+M1Vesq2fILV1FN3QzrzN23gq7WprTPg8MTBrE8+w0ajqtUWjNSxKd3mmXPEJ8jQEGD1rhMPuZW11wHBJrXKjRuW1OgiritNgQAP5vPGQOqnpx1J1FQOGnRgYCJlCKyBGBwNCDiVBLfy84PpQrgsfwF6nMaWJ9+Hakn9i2gvxMr5siTMrCtTqde20rRqKoKu5hgmzZc77strfjjEsKHCIIovkv948lM6/PXZ8Nufn/w05L++kB89/fOTfx95v3/6xbZ46MlPu8N/489+Gqq/P4x+/uLpn43vnv5j17VaaDjQopimPh4/WfpOallvi3QOJ7m+z5OXcDWF2j23WnCfhwWxBA2St5mYEMAXBFtKIQ7+HrQ4XX6E3YGfHnAOD7kgOIdnVarFIN/VXeuukAOzFymBgBujqjlSeNWq4CLYKICVqlwpmwKJCsXpqJzVLNeQFsylPPq3ADkGrtkEO7ZqvQyVSDsflKO7mfnfldxP76zNXZ9RGOJqF4roAPfNxIIiVK/Jj2fQTv0Hxz0kE7p7E9oXF6zAzEHZ/bujQL/VWKhIp+6uP9KpRzp15omJdOqRTt0skU69m07d2Md2nj3/yhVpHrCPRWL2axOz9xgst9GxiaGK5O7tAjNjY+TupjfCdQqIBPCRAP7aBPC3pDL8RPJtm8X6WOSbh3KnfPOWX+0BJCggDk2at0wT9Y3EqT4vOEIEr0JmxSfFSpzMs89LI39llBzCAQZElpmRpxerU1zKhvuhys+rbeMqe/t0WpxuQzITBVWCDV5UQnVtPwcL5tudb4Z8I8I4N8N8Pnwp9uGhWsqjGV3sowAlwEmr75220bo8S2cm/fs1ph9vl3c0+xxc9I6Jpwh9a1z01hl30KcPzRZb+0RHaqGx4S7iVU140LFXztU8qj9tqVw+vCgWCEqk8N4c4jGFYamuLh64tMynmbWBdjVgqbKhGNZUA8L8AR4kglXiwyBzzsG8QwucVfynrEaJbrvNM6IHz9KxyfkurEPEbGQtcpZ/BvWyWhbiKMf87IU9AAjPkk9wk5YeBnFwEvKCXZRYiSldjM9YHMwIST1LvFWz0lKfCSsyhYQvAp4vCxlcY6yOEw1ijshg+jRi4ChZ04TM2D4tE4kWijiB85WY7DgtOLDejNFSIXK2poO1J1cLD8ilPMTnc0pyE7r2FDhk6ToOuFWWcPiUXA626SR6OKhB1cGwrcTsWYAtomMTbf0iyVjXqI7VaP8wyZdVNj1TDEC5nAqzvFL4XnbqkF2IAcWJCdrEnJfFWJwIJLIxHSZZkzSpVm3CZRuO7izTirRV1bhdB+4CDqIUI7rNC09tit6FATfzq+VitYy7cn3JePbVlZgTCACcTQJ9s/bt1VKPjdqevyHoNAh7ZIxHfU9/oT5rBPIqQFyL+zMOtzkWa7uqpav/O+bt6zS12j+AYAy4iqChP9efy9EsLFyPaEQJZQA7lbxtCHTGf/NVrx7W+LE7Old71jaZ4WpBc9HwLYKlc0ZXkl1t1tU8YFSbchRjMPlFCgxuVk+vSSEDgNl4o7G1ybkQyIrVJMCC8bWMZlsHbLKtm2KLURFwqclboZ4gi4jjFkvO2JilBIn+qchBaYitCLZ7eKHlZWKfJ4piBofkaqRFLCuHJnDV3BIEHR4u0jKdcca1l/WFPeD19le9kGQ72V6Ms57QXm1HybpHPY617BhLGZF5XharRcVxkMrarkGhk8GBanOCETTWQ4SxSh9X0vunzNYfdv6Cr3PeoPuvtQLuP1s93NQdKBTbFadTFelaPddMOoZOufdMz2OFoTh2F5t/nUPxrXUovivVlhydLlPjvtUgcdFX3trET+uTQ7nFfehF34ND2LxThFx8NPyliYw6e6D++X5xUuyJCiHUF6mc3y/Un3t4E3iUkQcf6DYTSviEvw7BnXptAiN9F6wCTOV1Gswe8HqnqNm6Iupr0qGHxXSAi6EjtmOuw0AUfj3c6mFHCN4dXBNDWe+quOdd8XXuhKGE3gtDCYoj67gfhtJn7G7lnhjKCeXx4cUjXMzB3SP31ffD2uXVH77543XFF2Ko69KL18pm0deU40gxJhjWvSUy8hLzI5fJaQrRYqtFl2hf4Q0VXD6OCYvB+qJcqV9hXu48JzcVNqt1E/TT559Hlu6IGr4dNNqao+cAaVvFDPc2k1ksSRWy78Ki8jLVl5B1ZT/I6MKMvn5cu65dk4o/pgBKn+lSyutn3jIwi/FcWKnoe1TZueCP0suvXxiCf9YclsVkNeZMWBWG0Nx2YcVSiJP2lsorTGC4pTRpfYgjPennBUP/Psc3YGp140q0b2QDlBNZj7EjpMYlbremaUVIsMfZGyUBpXF145+MIaH+Osyfo/B/NkL1Pwxe/PyF8c+fn/7ZF58fpBT9l/tQ1r7g9wq84/IfSldE9zDZgtdt+R/Btvif4bZcV5S+eAQoNUHeVOBBjwyUe5hSEpTE28WTFxQGQI+ymeP8vnRdx9HXHn4TTzQBlM4Q/s7w/f6Mff6wfU9z+0Xpd3gLoVzPY+gSaehR3fAaqgO5o85muuYNH9FXfJrtIb3mT9oCXC2Gy2IIJtpGHR5GtUEeD3lSvy1pOleY9YvWh2QBv8AG0gfLooTDl/HJ6lRdMsiRQiQFPWzoDjxmbyBilyqTu5V8AHaYHEX5KGBQtgaNKmg+SrU2HubdPfnb3x8Nh8NHBq5r8mnnEYI5Jsd0ib07RvLuRyaFoEl1xpcyI6EMCLRNZq+8MPEfHjHgYTIGlDYiZS8fmSB/9E11JX4xazWqPE3Ho3S1vADWMYrc4Lep5h4V02yjjZyKNS4+x+EQLxyWBQaXOFpcrqYw2kO43voO3ajwZmFngIlRmw5Dvqt9hJlGp/wZ3UG0fz8uMDTU7HO7QrxFa1R4ni3pu7yiPy7hVtB8F/y5Wkzknwv1PeGN0CCcn5eY8VbMj1Y0g1lgIO9j5QzH31m4XVuClxVmoCV4HrxItpZosPUc8pe6JRsdedXGiWwhDT6NcfLTz+vMz7Ua65XWNVef2aeweUuhDmJ375pqeioZ84vm33UXiK4+qCaNtBm0OoLqJJB/d/N4+VxbMulkAvmtzSG2jAs9oT4Vjds+g7Cb/FeiT7Q/oqxUi1xa7ezROiMh0P41B5kg/IT9iXo+YIAIHn/x+ObHY5EjJg7yMjt1MUG2yw8ZeJHDsdeYgB0vRTzb2izArIbMMTDtaXCaI6xaNfKNp2X2hDzv+Fb1h/SJME6EfSFOY46psBBvAjZs0bF8Jj5epLOOJzPfU2y1ToRBVFwhvbX/OcBSRCXpfewC4YTGF9n4o//BBfDoep/o+DazN7jHLPR8a9UJAbpgBXclS86kcS6NZfExm5cZILIFWj+2LdWikFdonxNEfq/6g3UrryrLR1pket7X/uFQxbUftiaba241K7M94tPraym+bim1F5XjY0f7zSfaYjF711pLrQ8cr6Dv2pXX/+H4sfWH2bL1b9fPXdvtDexSLs3XGLGGWm0q0A3OnvUatKYm8mwlTRuzsQtZP7z+WlrvIPsX2pVv/DzLu/8j97G2mErqGylpTyceMREEHca7T9OsuPH8YXU63LjXwDiV3YTMzaOWlPWaIjXPj0Gn1RsWbtNPtFG5XWanF0XxcciJFO5WSSZ1CP2XSkL8+SL56isi6FqmpVivh/iZWSt2tR7qGNjQpiDSxaLSE2pP7WTXF4gKxx/iUemFEZ3fGC8WivN7j+RUaCreP9YlEuLQcTc+rPkyEp3faMhMOUoNf3ev14c1gDysL4wmE7OP/ETsMeW50YRhMqxps9oXkzw9nxeVMIWrIe9nf/rHv0Hg+Ye9g93v3r47Pjl4efxhd2/vaP/4+MWfXvxRTNS/16rI51U2Fqdesy5Zx8Hb4/2X74/2zcpe/AlhsuqVnAm7AupAbLo/sbf9UJhAoqb9/3P44c3uy78evN3/cPju3esXfwJ/0t8HUsPwPnmcLfnhl6/fH5/sH30QTX73/ujl/ofj/ZPGj06KRTEtzq+gofz0ybvDd6/fffevsn2DI9qbj/e+53qP3r89OXgjqtv7Xj2krxgOIfg9P79YvkTDr9Fw0YQPh0f7r14ffPfXkw8v/7r/8vtj2Sau48c0X74qShNi/iXfU9Bnu0v4DK3ORu0/7h6cvHp39MO71+/f7O/tn4iPP7x89/b4YE90jD7dPYFP3+y/PVHvPSzzAtLz//cqW2Vc4+HRwbujg5N//fC/3++/32+NFTCcpCZ10jDZNqcmlGz+yfye1vvhu70Pb3ff7B8f7r7cV98mFPDwqiwaN+QYwmDhsNPkaWrpjZTCcL508++zvur9wd5m37TKdbhyPsNbG4LgLq9GZTofQ3wh3Kfz32bCiaFbX3zaGe08G31dr+pwNZ0eFkKVXr1IDs7eFjB/Ic5LPTXNP2UAMHhYFqe1eACII/8ua1AqLLDl23T0+bX+FW5mzW9IbM25o/ZFKV2l32hL/Fbuk2YlrX1S1VYWy2JcTF8kJy8PvZU+a1Xa7klgbX+0NVEMaSn0YmdtCtaxl9TxJjhE6KipxYoHRF1xdjArS6fT4lJohE/5NDvP9uECkGILCdXQeFLsygSw0IrVnZTFov7JMNl9/brWa37BpF2vOAvtVmxffvP117XbUvzufQX7Zv0rztiElnK6r5zUr0SPhJX68aR4XZxX7+b7kMuofkdcGG/AsKzNN6TvoGW4vZwttsW2PazPr2008ubnw3FWLqvWSMOnZsPF0LybT6+M+1bPMGA33xbzo6JY1n6BvwHkYzEvzvJpbWbQnS/vVsyJo15kWtBvbeZzQ4jflUKRHmZiZ5gwRhqEhMnnhJ1OgZSGtZGdnQmrAhhfJEq1atvHTPQbspnQwh/VM09mKeiqa1dTM5kemYNrtNEyNHQrYsqx0iTMVqseB7xlTsOHUpz1oxpEsyNaz2bPGub06zaXJ/PK9LlbujUyfjaqPo2DH1ROi2khlIX4WV5VK7DHeG8jMRzgh4+MBUKdmJ5V+flcHAJz+UCY/BPpPqWXFOV5OucjKAt1CNwXkIE5lDKc5mJuXY2nWfjocbM3O3DtPneMHvzkGH9ijX1IJzNRk/iTrQK7z+DNaomhtz+SOF+aafa1DqbzebE0JdmUTj4HwQ/H6RASHmpN3rbNzWu7I7jlaibUIAIe8ad0HSxFcYT+dBYRT/tPO/w/SBuDvykPjyRBzeM5JvWB92wvH7AMHH3J2zI2P1OzEHs+zIsht0N+8UgBlOitK4f1hMdZ+dn+f61yYVJmhiOEEZfVOrQ5Eem6nG/mtOfR4SY3KZPVc1psBsqj+vblkTha7PM/3h/uyX80Qopqlw1wptlHfV+Bwp9nD3sA8WZlU6OIlT2ModSXTA9sQOkuuHNcjfvjTY2uUaXnRto31O5f3cKImzfqD2/YneOt8YWuN8iS4+1+r17jIvE3NoD6WnZTQ6lrfBiDWr/R/o0Nr3GvvqnxNap8GAPciC34jY3wJnZaXdXDGNGHuZdy4IJtRNPp4kIMaSM24drj2qhPReGtZ0Z5Ai8cY07duu6gW8I4HtjId61hCFza1CKGuh7GKpaxXZbBXMtpg4RND9Rt80m1/YE6brgDN+i6kSISI38vvTfDZG//9f5vyJUTPKTXc+a0x/Ue+nOCBvfhOXfUEN+ie6c93tHD88DGXseU3sAU4Mof+EyQSTcPcULcmNPPGPfo97vrUdyA5689ntH5d7/GWGYbbXKIZZ0PZITNhKvf3ABvwr/bHuLo4r1nw7whezv6eW9nOG/P02sMrsvZG72892YZX8vP217HvwlX7/0eUchsdQ+rSmjdxKCqypzIBr5xdf3m1nxg9czi3+pAY+byRkcba3zgQ64SzNvD/v8B+Kqyku8FDQA= data: metadata: | # maps release series of major.minor to cluster-api contract version @@ -19,6 +21,9 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 - major: 1 minor: 9 contract: v1beta1 @@ -52,7 +57,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.9.5 + name: v1.10.5 namespace: capi-system annotations: provider.cluster.x-k8s.io/compressed: "true" diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml index beb64e4..54c2a9e 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml @@ -813,7 +813,7 @@ data: control-plane: controller-manager spec: containers: - - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0 + - image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.11.0 imagePullPolicy: IfNotPresent name: manager ports: @@ -835,7 +835,7 @@ data: memory: 100Mi - args: - --helm-install - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0 + image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.11.0 name: helm-manager resources: limits: diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml new file mode 100644 index 0000000..d4101d3 --- /dev/null +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml @@ -0,0 +1,1038 @@ +{{- if not (lookup "v1" "Namespace" "" "metal3-ipam-system") }} +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3ipam + pod-security.kubernetes.io/enforce: restricted + name: metal3-ipam-system +--- +{{- end }} +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + name: metal3-ipam-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipaddresses.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - metal3 + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + shortNames: + - ipa + - ipaddress + - m3ipa + - m3ipaddress + - m3ipaddresses + - metal3ipa + - metal3ipaddress + - metal3ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPAddress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddresses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPAddressSpec defines the desired state of IPAddress. + properties: + address: + description: Address contains the IP address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + claim: + description: Claim points to the object the IPClaim was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - address + - claim + - pool + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipclaims.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPClaim + listKind: IPClaimList + plural: ipclaims + shortNames: + - ipc + - ipclaim + - m3ipc + - m3ipclaim + - m3ipclaims + - metal3ipc + - metal3ipclaim + - metal3ipclaims + singular: ipclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPClaim is the Schema for the ipclaims API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPClaimSpec defines the desired state of IPClaim. + properties: + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - pool + type: object + status: + description: IPClaimStatus defines the observed state of IPClaim. + properties: + address: + description: Address is the IPAddress that was generated for this + claim. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + errorMessage: + description: ErrorMessage contains the error message + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ippools.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPPool + listKind: IPPoolList + plural: ippools + shortNames: + - ipp + - ippool + - m3ipp + - m3ippool + - m3ippools + - metal3ipp + - metal3ippool + - metal3ippools + singular: ippool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Time duration since creation of Metal3IPPool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPPool is the Schema for the ippools API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPPoolSpec defines the desired state of IPPool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + type: string + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + namePrefix: + description: namePrefix is the prefix used to generate the IPAddress + object names + minLength: 1 + type: string + pools: + description: Pools contains the list of IP addresses pools + items: + description: |- + MetaDataIPAddress contains the info to render th ip address. It is IP-version + agnostic. + properties: + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + end: + description: |- + End is the last IP address that can be rendered. It is used as a validation + that the rendered IP is in bound. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + prefix: + description: Prefix is the mask of the network as integer (max + 128) + maximum: 128 + type: integer + start: + description: Start is the first ip address that can be rendered + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + subnet: + description: |- + Subnet is used to validate that the rendered IP is in bounds. In case the + Start value is not given, it is derived from the subnet ip incremented by 1 + (`192.168.0.1` for `192.168.0.0/24`) + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) + type: string + type: object + type: array + preAllocations: + additionalProperties: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: PreAllocations contains the preallocated IP addresses + type: object + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - namePrefix + type: object + status: + description: IPPoolStatus defines the observed state of IPPool. + properties: + indexes: + additionalProperties: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: Allocations contains the map of objects and IP addresses + they have + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-leader-election-role + namespace: metal3-ipam-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + - ipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + - ipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + - ipclaims + - ippools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + - ipclaims/status + - ippools/status + verbs: + - get + - patch + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-leader-election-rolebinding + namespace: metal3-ipam-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ipam-leader-election-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ipam-manager-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-webhook-service + namespace: metal3-ipam-system + spec: + ports: + - port: 443 + targetPort: ipam-webhook + selector: + cluster.x-k8s.io/provider: ipam-metal3 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: ipam-controller-manager + namespace: metal3-ipam-system + spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} + - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.rancher.com/rancher/ip-address-manager:v1.10.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: ipam-webhook + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: ipam-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-serving-cert + namespace: metal3-ipam-system + spec: + dnsNames: + - ipam-webhook-service.metal3-ipam-system.svc + - ipam-webhook-service.metal3-ipam-system.svc.cluster.local + issuerRef: + kind: Issuer + name: ipam-selfsigned-issuer + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-selfsigned-issuer + namespace: metal3-ipam-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v1.10.2 + namespace: metal3-ipam-system + labels: + provider-components: metal3ipam diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml index b70867b..7b6855d 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "capm3-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,6 +7,7 @@ metadata: pod-security.kubernetes.io/enforce: restricted name: capm3-system --- +{{- end }} apiVersion: v1 data: components: | @@ -19,548 +21,6 @@ data: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - cluster.x-k8s.io/v1alpha2: v1alpha2 - cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 - cluster.x-k8s.io/v1alpha4: v1alpha5 - cluster.x-k8s.io/v1beta1: v1beta1 - name: ipaddresses.ipam.metal3.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: ipam.metal3.io - names: - categories: - - metal3 - kind: IPAddress - listKind: IPAddressList - plural: ipaddresses - shortNames: - - ipa - - ipaddress - - m3ipa - - m3ipaddress - - m3ipaddresses - - metal3ipa - - metal3ipaddress - - metal3ipaddresses - singular: ipaddress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of Metal3IPAddress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddresses API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec defines the desired state of IPAddress. - properties: - address: - description: Address contains the IP address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - claim: - description: Claim points to the object the IPClaim was created for. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dnsServers: - description: DNSServers is the list of dns servers - items: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - type: array - gateway: - description: Gateway is the gateway ip address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - pool: - description: Pool is the IPPool this was generated from. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - prefix: - description: Prefix is the mask of the network as integer (max 128) - maximum: 128 - type: integer - required: - - address - - claim - - pool - type: object - type: object - served: true - storage: true - subresources: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - cluster.x-k8s.io/v1alpha2: v1alpha2 - cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 - cluster.x-k8s.io/v1alpha4: v1alpha5 - cluster.x-k8s.io/v1beta1: v1beta1 - name: ipclaims.ipam.metal3.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: ipam.metal3.io - names: - categories: - - cluster-api - kind: IPClaim - listKind: IPClaimList - plural: ipclaims - shortNames: - - ipc - - ipclaim - - m3ipc - - m3ipclaim - - m3ipclaims - - metal3ipc - - metal3ipclaim - - metal3ipclaims - singular: ipclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of Metal3IPClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPClaim is the Schema for the ipclaims API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPClaimSpec defines the desired state of IPClaim. - properties: - pool: - description: Pool is the IPPool this was generated from. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - pool - type: object - status: - description: IPClaimStatus defines the observed state of IPClaim. - properties: - address: - description: Address is the IPAddress that was generated for this - claim. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - errorMessage: - description: ErrorMessage contains the error message - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - cluster.x-k8s.io/v1alpha2: v1alpha2 - cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 - cluster.x-k8s.io/v1alpha4: v1alpha5 - cluster.x-k8s.io/v1beta1: v1beta1 - name: ippools.ipam.metal3.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: ipam.metal3.io - names: - categories: - - cluster-api - kind: IPPool - listKind: IPPoolList - plural: ippools - shortNames: - - ipp - - ippool - - m3ipp - - m3ippool - - m3ippools - - metal3ipp - - metal3ippool - - metal3ippools - singular: ippool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this template belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Time duration since creation of Metal3IPPool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPPool is the Schema for the ippools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPPoolSpec defines the desired state of IPPool. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - type: string - dnsServers: - description: DNSServers is the list of dns servers - items: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - type: array - gateway: - description: Gateway is the gateway ip address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - namePrefix: - description: namePrefix is the prefix used to generate the IPAddress - object names - minLength: 1 - type: string - pools: - description: Pools contains the list of IP addresses pools - items: - description: |- - MetaDataIPAddress contains the info to render th ip address. It is IP-version - agnostic. - properties: - dnsServers: - description: DNSServers is the list of dns servers - items: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - type: array - end: - description: |- - End is the last IP address that can be rendered. It is used as a validation - that the rendered IP is in bound. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - gateway: - description: Gateway is the gateway ip address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - prefix: - description: Prefix is the mask of the network as integer (max - 128) - maximum: 128 - type: integer - start: - description: Start is the first ip address that can be rendered - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - subnet: - description: |- - Subnet is used to validate that the rendered IP is in bounds. In case the - Start value is not given, it is derived from the subnet ip incremented by 1 - (`192.168.0.1` for `192.168.0.0/24`) - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) - type: string - type: object - type: array - preAllocations: - additionalProperties: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - description: PreAllocations contains the preallocated IP addresses - type: object - prefix: - description: Prefix is the mask of the network as integer (max 128) - maximum: 128 - type: integer - required: - - namePrefix - type: object - status: - description: IPPoolStatus defines the observed state of IPPool. - properties: - indexes: - additionalProperties: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - description: Allocations contains the map of objects and IP addresses - they have - type: object - lastUpdated: - description: LastUpdated identifies when this status was last observed. - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert @@ -643,6 +103,13 @@ data: spec: description: Metal3ClusterSpec defines the desired state of Metal3Cluster. properties: + cloudProviderEnabled: + description: |- + Determines if the cluster is to be deployed with an external cloud provider. + If set to false, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to true, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + Default value is true, it is set in the webhook. + type: boolean controlPlaneEndpoint: description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. @@ -662,6 +129,8 @@ data: Determines if the cluster is not to be deployed with an external cloud provider. If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + + Deprecated: This field is deprecated, use cloudProviderEnabled instead type: boolean type: object status: @@ -675,27 +144,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -705,6 +179,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -797,6 +273,13 @@ data: spec: description: Metal3ClusterSpec defines the desired state of Metal3Cluster. properties: + cloudProviderEnabled: + description: |- + Determines if the cluster is to be deployed with an external cloud provider. + If set to false, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to true, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + Default value is true, it is set in the webhook. + type: boolean controlPlaneEndpoint: description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. @@ -818,6 +301,8 @@ data: Determines if the cluster is not to be deployed with an external cloud provider. If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + + Deprecated: This field is deprecated, use cloudProviderEnabled instead type: boolean type: object required: @@ -1192,7 +677,9 @@ data: description: |- TemplateReference refers to the Template the Metal3MachineTemplate refers to. It can be matched against the key or it may also point to the name of the template - Metal3Data refers to + Metal3Data refers to. + + Deprecated: This field is deprecated and will be removed in a future release. type: string required: - claim @@ -2221,7 +1708,9 @@ data: description: |- TemplateReference refers to the Template the Metal3MachineTemplate refers to. It can be matched against the key or it may also point to the name of the template - Metal3Data refers to + Metal3Data refers to. + + Deprecated: This field is deprecated and will be removed in a future release. type: string required: - clusterName @@ -2526,11 +2015,19 @@ data: address. properties: address: - description: The machine address. + description: address is the machine address. + maxLength: 256 + minLength: 1 type: string type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. + description: type is the machine address type, one of Hostname, + ExternalIP, InternalIP, ExternalDNS or InternalDNS. + enum: + - Hostname + - ExternalIP + - InternalIP + - ExternalDNS + - InternalDNS type: string required: - address @@ -2545,27 +2042,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -2575,6 +2077,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -3267,14 +2771,6 @@ data: name: capm3-manager namespace: capm3-system --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-manager - namespace: capm3-system - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -3303,21 +2799,6 @@ data: - delete --- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-leader-election-role - namespace: capm3-system - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -3515,87 +2996,6 @@ data: - watch --- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-manager-role - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters/status - verbs: - - get - - apiGroups: - - ipam.metal3.io - resources: - - ipaddresses - - ipclaims - - ippools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - ipam.metal3.io - resources: - - ipaddresses/status - - ipclaims/status - - ippools/status - verbs: - - get - - patch - - update - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: @@ -3612,22 +3012,6 @@ data: namespace: capm3-system --- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-leader-election-rolebinding - namespace: capm3-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ipam-leader-election-role - subjects: - - kind: ServiceAccount - name: ipam-manager - namespace: capm3-system - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -3642,21 +3026,6 @@ data: name: capm3-manager namespace: capm3-system --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-manager-rolebinding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ipam-manager-role - subjects: - - kind: ServiceAccount - name: ipam-manager - namespace: capm3-system - --- apiVersion: v1 data: CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'} @@ -3681,20 +3050,6 @@ data: selector: cluster.x-k8s.io/provider: infrastructure-metal3 --- - apiVersion: v1 - kind: Service - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-webhook-service - namespace: capm3-system - spec: - ports: - - port: 443 - targetPort: ipam-webhook - selector: - cluster.x-k8s.io/provider: infrastructure-metal3 - --- apiVersion: apps/v1 kind: Deployment metadata: @@ -3734,7 +3089,7 @@ data: envFrom: - configMapRef: name: capm3-capm3fasttrack-configmap - image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.4 + image: quay.io/metal3-io/cluster-api-provider-metal3:main imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3785,92 +3140,6 @@ data: defaultMode: 420 secretName: capm3-webhook-service-cert --- - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - name: ipam-controller-manager - namespace: capm3-system - spec: - selector: - matchLabels: - cluster.x-k8s.io/provider: infrastructure-metal3 - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - template: - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - spec: - containers: - - args: - - --webhook-port=9443 - - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} - - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} - - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/metal3-io/ip-address-manager:v1.9.5 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: ipam-webhook - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: ipam-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: ipam-webhook-service-cert - --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -3888,22 +3157,6 @@ data: secretName: capm3-webhook-service-cert --- apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-serving-cert - namespace: capm3-system - spec: - dnsNames: - - ipam-webhook-service.capm3-system.svc - - ipam-webhook-service.capm3-system.svc.cluster.local - issuerRef: - kind: Issuer - name: ipam-selfsigned-issuer - secretName: ipam-webhook-service-cert - --- - apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: @@ -3913,16 +3166,6 @@ data: spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-selfsigned-issuer - namespace: capm3-system - spec: - selfSigned: {} - --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -4132,82 +3375,6 @@ data: sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-mutating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /mutate-ipam-metal3-io-v1alpha1-ipaddress - failurePolicy: Fail - matchPolicy: Equivalent - name: default.ipaddress.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipaddresses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /mutate-ipam-metal3-io-v1alpha1-ipclaim - failurePolicy: Fail - matchPolicy: Equivalent - name: default.ipclaim.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipclaims - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /mutate-ipam-metal3-io-v1alpha1-ippool - failurePolicy: Fail - matchPolicy: Equivalent - name: default.ippool.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ippools - sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: @@ -4414,86 +3581,13 @@ data: resources: - metal3remediationtemplates sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-validating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /validate-ipam-metal3-io-v1alpha1-ipaddress - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipaddress.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipaddresses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /validate-ipam-metal3-io-v1alpha1-ipclaim - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipclaim.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipclaims - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /validate-ipam-metal3-io-v1alpha1-ippool - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ippool.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ippools - sideEffects: None metadata: | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 - major: 1 minor: 9 contract: v1beta1 @@ -4524,7 +3618,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.9.4 + name: v1.10.2 namespace: capm3-system labels: provider-components: metal3 diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml index 6c9ab91..3afcc80 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "rke2-bootstrap-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,6 +7,7 @@ metadata: control-plane: controller-manager name: rke2-bootstrap-system --- +{{- end }} apiVersion: v1 data: components: | @@ -564,27 +566,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -594,6 +601,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -943,25 +952,42 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret that should - populate this file. + configMap: + description: ConfigMapFileSource represents a config map + that should populate this file. properties: key: - description: Key is the key in the secret's data map - for this value. + description: Key is the key in the secret or config + map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. enum: @@ -1153,27 +1179,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -1183,6 +1214,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -2124,25 +2157,43 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret - that should populate this file. + configMap: + description: ConfigMapFileSource represents a config + map that should populate this file. properties: key: - description: Key is the key in the secret's - data map for this value. + description: Key is the key in the secret or + config map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's - namespace to use. + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated + at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. @@ -2537,7 +2588,7 @@ data: - --concurrency=${CONCURRENCY_NUMBER:=10} command: - /manager - image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.18.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -2778,10 +2829,16 @@ data: - major: 0 minor: 18 contract: v1beta1 + - major: 0 + minor: 19 + contract: v1beta1 + - major: 0 + minor: 20 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.18.0 + name: v0.20.1 namespace: rke2-bootstrap-system labels: provider-components: rke2-bootstrap diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml index e9531e6..b9a307e 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "rke2-control-plane-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,6 +7,7 @@ metadata: control-plane: controller-manager name: rke2-control-plane-system --- +{{- end }} apiVersion: v1 data: components: | @@ -1177,27 +1179,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -1207,6 +1214,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -1582,25 +1591,42 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret that should - populate this file. + configMap: + description: ConfigMapFileSource represents a config map + that should populate this file. properties: key: - description: Key is the key in the secret's data map - for this value. + description: Key is the key in the secret or config + map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. enum: @@ -1741,7 +1767,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -2603,27 +2629,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -2633,6 +2664,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -3130,25 +3163,43 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret - that should populate this file. + configMap: + description: ConfigMapFileSource represents a config + map that should populate this file. properties: key: - description: Key is the key in the secret's - data map for this value. + description: Key is the key in the secret or + config map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's - namespace to use. + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated + at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. @@ -3291,7 +3342,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -4181,27 +4232,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -4211,6 +4267,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -4559,7 +4617,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.18.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.20.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4807,10 +4865,16 @@ data: - major: 0 minor: 18 contract: v1beta1 + - major: 0 + minor: 19 + contract: v1beta1 + - major: 0 + minor: 20 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.18.0 + name: v0.20.1 namespace: rke2-control-plane-system labels: provider-components: rke2-control-plane diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml index f17efaa..449fed9 100644 --- a/rancher-turtles-chart/Chart.yaml +++ b/rancher-turtles-chart/Chart.yaml @@ -1,23 +1,18 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.7_up0.24.3 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.7_up0.24.3-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension - catalog.cattle.io/kube-version: '>= 1.23.0-0' + catalog.cattle.io/kube-version: '>= 1.31.4-0 < 1.34.0-0' catalog.cattle.io/namespace: rancher-turtles-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux - catalog.cattle.io/rancher-version: '>= 2.11.0-1' + catalog.cattle.io/rancher-version: '>= 2.12.3-0 < 2.13.0-0' catalog.cattle.io/release-name: rancher-turtles catalog.cattle.io/scope: management catalog.cattle.io/type: cluster-tool apiVersion: v2 -appVersion: 0.21.0 -dependencies: -- condition: cluster-api-operator.enabled - name: cluster-api-operator - repository: file://./charts/cluster-api-operator - version: 0.18.1 +appVersion: 0.24.3 description: Rancher Turtles is an extension to Rancher that brings full Cluster API integration to Rancher. home: https://github.com/rancher/turtles/ @@ -29,4 +24,4 @@ keywords: - provisioning name: rancher-turtles type: application -version: "%%CHART_MAJOR%%.0.5+up0.21.0" +version: "%%CHART_MAJOR%%.0.7+up0.24.3" diff --git a/rancher-turtles-chart/README.md b/rancher-turtles-chart/README.md index 74c4009..8b35298 100644 --- a/rancher-turtles-chart/README.md +++ b/rancher-turtles-chart/README.md @@ -1,5 +1,5 @@ # Rancher Turtles Chart -This chart installs the Rancher Turtles operator and optionally the Cluster API Operator using Helm. +This chart installs Rancher Turtles using Helm. Checkout the [documentation](https://turtles.docs.rancher.com) for further information. diff --git a/rancher-turtles-chart/RELEASE_NOTES.md b/rancher-turtles-chart/RELEASE_NOTES.md index e33ae51..3f6d9ca 100644 --- a/rancher-turtles-chart/RELEASE_NOTES.md +++ b/rancher-turtles-chart/RELEASE_NOTES.md @@ -1,6 +1,120 @@ -## Changes since examples/v0.21.0 ---- -## :chart_with_upwards_trend: Overview +## Highlights +* REPLACE ME + +## Deprecation Warning + +REPLACE ME: A couple sentences describing the deprecation, including links to docs. + +* [GitHub issue #REPLACE ME](REPLACE ME) + +## Changes since v0.24.2 +## :chart_with_upwards_trend: Overview +- 67 new commits merged +- 1 bug fixed 🐛 + +## :bug: Bug Fixes +- Build-and-release: Fix: wrong github token value in core capi workflow (#1829) + +## :seedling: Others +- Build-and-release: Append target branch to backport PR title (#1768) + +:book: Additionally, there have been 2 contributions to our documentation and book. (#1865, #1870) + +## :question: Sort these by hand +- Build-and-release: [main] fix: org value not set in release workflow (#1758) +- Build-and-release: Add backport automation GitHub workflow (#1754) +- Build-and-release: Chore(deps): Bump actions/upload-artifact from 4 to 5 (#1839) +- Build-and-release: Chore(deps): Bump github/codeql-action from 3 to 4 (#1815) +- Build-and-release: Chore(deps): Bump rancher/aws-janitor from 0.2.0 to 0.3.0 (#1743) +- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.15 to 0.0.16 (#1833) +- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.16 to 0.0.18 (#1840) +- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.18 to 0.1.1 (#1856) +- Build-and-release: Chore(deps): Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1834) +- Build-and-release: Ci: Add attestation (#1730) +- Build-and-release: Ci: Add new release workflow (#1721) +- Build-and-release: CI: Fix release workflow (#1729) +- Build-and-release: Ci: Use digests instead of tags when signing images (#1728) +- Build-and-release: Cleanup release workflow and build action (#1755) +- Build-and-release: Docs: Add document for new release process (#1761) +- Build-and-release: Feat: adapt chart to use system default registry (#1711) +- Build-and-release: Fix secret path for backport automation (#1757) +- Build-and-release: Fix: Bump Go version to 1.24.9 (#1838) +- Build-and-release: Fix: update nested imageVersion in values.yaml (#1747) +- Build-and-release: Use bash in release-against-rancher.sh for pushd/popd support (#1760) +- Build-and-release: Use proper path for backport secrets (#1765) +- Caprke2: Providers: update CAPRKE2 to v0.21.1 (#1869) +- Certificates: [feat] cert-manager to wrangler conversion (#1794) +- Chart: Bump rancher-version in chart.yaml (#1785) +- Chart: Chore: Drop CAPRKE2 and CAAPF templates from rancher-turtles chart (#1789) +- Chart: Correct Providers release-name (#1813) +- Chart: Fix: Change `capi-system` namespace to `cattle-capi-system` (#1837) +- Chart: Fix: Change Turtles namespace to `cattle-turtles-system` (#1818) +- Chart: Fix: Set `securityContext` field to Turtles controller and hooks manifests (#1850) +- Chart: Remove Extension mentions from chart (#1871) +- Chart: Set kube-version to actual version in Chart.yaml (#1722) +- CI: Bump e2e to k8s 1.34 (#1872) +- CI: Feat: Install Turtles as system chart in dev-env (#1836) +- CI: Fix gitea ingress template (#1860) +- CI: Use Rancher v2.13 for e2e (#1843) +- CI: Wait for rancher-webhook before installing providers (#1846) +- CI: Wait for rancher-webhook when testing charts (#1853) +- Dependency: Bump kubernetes version to v1.32.x series (#1787) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 in /test in the testing-dependencies group (#1801) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 in the testing-dependencies group (#1802) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.1 in /test in the testing-dependencies group (#1842) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.1 in the testing-dependencies group (#1841) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.27.1 to 2.27.2 in the testing-dependencies group (#1857) +- Dependency: Chore(deps): Bump golang.org/x/text from 0.29.0 to 0.30.0 in the other-dependencies group (#1814) +- Dependency: Chore(deps): Bump sigs.k8s.io/kind from 0.29.0 to 0.30.0 in /test in the other-dependencies group across 1 directory (#1751) +- Fleet: Chart: enable optional fetchConfig for fleet provider (#1734) +- Installation: Add cluster indexed label to all CRDs (#1749) +- Installation: Add helm policy keep to installed providers (#1725) +- Installation: Chore cleanup turtles chart provider refs (#1821) +- Installation: Feat: add fetch capi manifest workflow for air gapped (#1805) +- Installation: Feat: remove embedded capi (#1793) +- Installation: Revert "Enable no-cert-manager by default" (#1792) +- Installation: Standratize helm chart values with other system charts (#1769) +- MISSING_AREA: Add check for externalFleet annotation (#1868) +- MULTIPLE_AREAS[ClusterClass/Capa]: Add EKS ClusterClass example and e2e test (#1712) +- MULTIPLE_AREAS[Installation/Chart]: Enable no-cert-manager by default (#1784) +- MULTIPLE_AREAS[Testing/Capz]: Ci: bump k8s to 1.34 for Azure tests (#1863) +- Operator: [fix] Remove unnecessary finalizer wrapper from CAPIProvider (#1810) +- Operator: Remove clusterclass-operations from values.yaml (#1800) +- Operator: Remove day2 and clusterclass operations code (#1783) +- Testing: Add gitea helpers back to e2e setup (#1851) +- Testing: Fix: Drop CAPRKE2 from expected set of default deployments (#1798) +- Testing: Print error in artifacts collection instead of failing the suite (#1717) + +## Dependencies + +### Added +- github.com/gkampitakis/ciinfo: [v0.3.2](https://github.com/gkampitakis/ciinfo/tree/v0.3.2) +- github.com/gkampitakis/go-diff: [v1.3.2](https://github.com/gkampitakis/go-diff/tree/v1.3.2) +- github.com/gkampitakis/go-snaps: [v0.5.15](https://github.com/gkampitakis/go-snaps/tree/v0.5.15) +- github.com/goccy/go-yaml: [v1.18.0](https://github.com/goccy/go-yaml/tree/v1.18.0) +- github.com/joshdk/go-junit: [v1.0.0](https://github.com/joshdk/go-junit/tree/v1.0.0) +- github.com/maruel/natural: [v1.1.1](https://github.com/maruel/natural/tree/v1.1.1) +- github.com/mfridman/tparse: [v0.18.0](https://github.com/mfridman/tparse/tree/v0.18.0) +- github.com/tidwall/gjson: [v1.18.0](https://github.com/tidwall/gjson/tree/v1.18.0) +- github.com/tidwall/match: [v1.1.1](https://github.com/tidwall/match/tree/v1.1.1) +- github.com/tidwall/pretty: [v1.2.1](https://github.com/tidwall/pretty/tree/v1.2.1) +- github.com/tidwall/sjson: [v1.2.5](https://github.com/tidwall/sjson/tree/v1.2.5) + +### Changed +- github.com/onsi/ginkgo/v2: [v2.25.3 → v2.27.2](https://github.com/onsi/ginkgo/compare/v2.25.3...v2.27.2) +- github.com/rogpeppe/go-internal: [v1.12.0 → v1.13.1](https://github.com/rogpeppe/go-internal/compare/v1.12.0...v1.13.1) +- golang.org/x/crypto: v0.41.0 → v0.42.0 +- golang.org/x/mod: v0.27.0 → v0.28.0 +- golang.org/x/net: v0.43.0 → v0.44.0 +- golang.org/x/sys: v0.35.0 → v0.36.0 +- golang.org/x/telemetry: 1a19826 → aef8a43 +- golang.org/x/term: v0.34.0 → v0.35.0 +- golang.org/x/text: v0.29.0 → v0.30.0 +- golang.org/x/tools: v0.36.0 → v0.37.0 +- sigs.k8s.io/cluster-api: v1.10.5 → v1.10.6 + +### Removed +- github.com/prashantv/gostub: [v1.1.0](https://github.com/prashantv/gostub/tree/v1.1.0) _Thanks to all our contributors!_ 😊 diff --git a/rancher-turtles-chart/charts/cluster-api-operator/.helmignore b/rancher-turtles-chart/charts/cluster-api-operator/.helmignore deleted file mode 100644 index 1b9a9cc..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml deleted file mode 100644 index 89742e5..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -appVersion: 0.18.1 -description: Cluster API Operator -name: cluster-api-operator -type: application -version: 0.18.1 diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl b/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl deleted file mode 100644 index 471367b..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl +++ /dev/null @@ -1,24 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "capi-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "capi-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml deleted file mode 100644 index b82fd38..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Addon provider -{{- if .Values.addon }} -{{- $addons := split ";" .Values.addon }} -{{- $addonNamespace := "" }} -{{- $addonName := "" }} -{{- $addonVersion := "" }} -{{- range $addon := $addons }} -{{- $addonArgs := split ":" $addon }} -{{- $addonArgsLen := len $addonArgs }} -{{- if eq $addonArgsLen 3 }} - {{- $addonNamespace = $addonArgs._0 }} - {{- $addonName = $addonArgs._1 }} - {{- $addonVersion = $addonArgs._2 }} -{{- else if eq $addonArgsLen 2 }} - {{- $addonNamespace = print $addonArgs._0 "-addon-system" }} - {{- $addonName = $addonArgs._0 }} - {{- $addonVersion = $addonArgs._1 }} -{{- else if eq $addonArgsLen 1 }} - {{- $addonNamespace = print $addonArgs._0 "-addon-system" }} - {{- $addonName = $addonArgs._0 }} -{{- else }} - {{- fail "addon provider argument should have the following format helm:v1.0.0 or mynamespace:helm:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $addonNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: AddonProvider -metadata: - name: {{ $addonName }} - namespace: {{ $addonNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $addonVersion $.Values.secretName }} -spec: -{{- end}} -{{- if $addonVersion }} - version: {{ $addonVersion }} -{{- end }} -{{- if $.Values.secretName }} - secretName: {{ $.Values.secretName }} -{{- end }} -{{- if $.Values.secretNamespace }} - secretNamespace: {{ $.Values.secretNamespace }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml deleted file mode 100644 index 3a002a8..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Bootstrap provider -{{- if .Values.bootstrap }} -{{- $bootstraps := split ";" .Values.bootstrap }} -{{- $bootstrapNamespace := "" }} -{{- $bootstrapName := "" }} -{{- $bootstrapVersion := "" }} -{{- range $bootstrap := $bootstraps }} -{{- $bootstrapArgs := split ":" $bootstrap }} -{{- $bootstrapArgsLen := len $bootstrapArgs }} -{{- if eq $bootstrapArgsLen 3 }} - {{- $bootstrapNamespace = $bootstrapArgs._0 }} - {{- $bootstrapName = $bootstrapArgs._1 }} - {{- $bootstrapVersion = $bootstrapArgs._2 }} -{{- else if eq $bootstrapArgsLen 2 }} - {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }} - {{- $bootstrapName = $bootstrapArgs._0 }} - {{- $bootstrapVersion = $bootstrapArgs._1 }} -{{- else if eq $bootstrapArgsLen 1 }} - {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }} - {{- $bootstrapName = $bootstrapArgs._0 }} -{{- else }} - {{- fail "bootstrap provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $bootstrapNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: BootstrapProvider -metadata: - name: {{ $bootstrapName }} - namespace: {{ $bootstrapNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $bootstrapVersion $.Values.configSecret.name }} -spec: -{{- end}} -{{- if $bootstrapVersion }} - version: {{ $bootstrapVersion }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml deleted file mode 100644 index c20b029..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Control plane provider -{{- if .Values.controlPlane }} -{{- $controlPlanes := split ";" .Values.controlPlane }} -{{- $controlPlaneNamespace := "" }} -{{- $controlPlaneName := "" }} -{{- $controlPlaneVersion := "" }} -{{- range $controlPlane := $controlPlanes }} -{{- $controlPlaneArgs := split ":" $controlPlane }} -{{- $controlPlaneArgsLen := len $controlPlaneArgs }} -{{- if eq $controlPlaneArgsLen 3 }} - {{- $controlPlaneNamespace = $controlPlaneArgs._0 }} - {{- $controlPlaneName = $controlPlaneArgs._1 }} - {{- $controlPlaneVersion = $controlPlaneArgs._2 }} -{{- else if eq $controlPlaneArgsLen 2 }} - {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }} - {{- $controlPlaneName = $controlPlaneArgs._0 }} - {{- $controlPlaneVersion = $controlPlaneArgs._1 }} -{{- else if eq $controlPlaneArgsLen 1 }} - {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }} - {{- $controlPlaneName = $controlPlaneArgs._0 }} -{{- else }} - {{- fail "controlplane provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $controlPlaneNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: ControlPlaneProvider -metadata: - name: {{ $controlPlaneName }} - namespace: {{ $controlPlaneNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }} -spec: -{{- end}} -{{- if $controlPlaneVersion }} - version: {{ $controlPlaneVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if hasKey $.Values.manager.featureGates $controlPlaneName }} - manager: -{{- range $key, $value := $.Values.manager.featureGates }} - {{- if eq $key $controlPlaneName }} - featureGates: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml deleted file mode 100644 index 61e86d2..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }} -# Deploy core components if not specified -{{- if not .Values.core }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: capi-system ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: CoreProvider -metadata: - name: cluster-api - namespace: capi-system - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- with .Values.configSecret }} -spec: - configSecret: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml deleted file mode 100644 index f117eff..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Core provider -{{- if .Values.core }} -{{- $coreArgs := split ":" .Values.core }} -{{- $coreArgsLen := len $coreArgs }} -{{- $coreVersion := "" }} -{{- $coreNamespace := "" }} -{{- $coreName := "" }} -{{- $coreVersion := "" }} -{{- if eq $coreArgsLen 3 }} - {{- $coreNamespace = $coreArgs._0 }} - {{- $coreName = $coreArgs._1 }} - {{- $coreVersion = $coreArgs._2 }} -{{- else if eq $coreArgsLen 2 }} - {{- $coreNamespace = "capi-system" }} - {{- $coreName = $coreArgs._0 }} - {{- $coreVersion = $coreArgs._1 }} -{{- else if eq $coreArgsLen 1 }} - {{- $coreNamespace = "capi-system" }} - {{- $coreName = $coreArgs._0 }} -{{- else }} - {{- fail "core provider argument should have the following format cluster-api:v1.0.0 or mynamespace:cluster-api:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $coreNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: CoreProvider -metadata: - name: {{ $coreName }} - namespace: {{ $coreNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }} -spec: -{{- end}} -{{- if $coreVersion }} - version: {{ $coreVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }} - manager: - featureGates: - {{- range $key, $value := $.Values.manager.featureGates.core }} - {{ $key }}: {{ $value }} - {{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml deleted file mode 100644 index f8af47c..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "capi-operator.fullname" . }} - namespace: '{{ .Release.Namespace }}' - labels: - app: {{ template "capi-operator.name" . }} - app.kubernetes.io/name: {{ template "capi-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "controller" - control-plane: controller-manager - clusterctl.cluster.x-k8s.io/core: capi-operator - {{- with .Values.deploymentLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.deploymentAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "capi-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "controller" - control-plane: controller-manager - clusterctl.cluster.x-k8s.io/core: capi-operator - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "capi-operator.name" . }} - app.kubernetes.io/name: {{ template "capi-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "controller" - control-plane: controller-manager - clusterctl.cluster.x-k8s.io/core: capi-operator - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: capi-operator-manager - automountServiceAccountToken: true - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - args: - {{- if .Values.logLevel }} - - --v={{ .Values.logLevel }} - {{- end }} - {{- if .Values.healthAddr }} - - --health-addr={{ .Values.healthAddr }} - {{- end }} - {{- if .Values.diagnosticsAddress }} - - --diagnostics-address={{ .Values.diagnosticsAddress }} - {{- end }} - {{- if .Values.insecureDiagnostics }} - - --insecure-diagnostics={{ .Values.insecureDiagnostics }} - {{- end }} - {{- if .Values.watchConfigSecret }} - - --watch-configsecret - {{- end }} - {{- with .Values.leaderElection }} - - --leader-elect={{ .enabled }} - {{- if .leaseDuration }} - - --leader-elect-lease-duration={{ .leaseDuration }} - {{- end }} - {{- if .renewDeadline }} - - --leader-elect-renew-deadline={{ .renewDeadline }} - {{- end }} - {{- if .retryPeriod }} - - --leader-elect-retry-period={{ .retryPeriod }} - {{- end }} - {{- end }} - command: - - /manager - {{- with .Values.image.manager }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} - imagePullPolicy: {{ .Values.image.manager.pullPolicy }} - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - {{- if $.Values.diagnosticsAddress }} - {{- $diagnosticsPort := $.Values.diagnosticsAddress }} - {{- if contains ":" $diagnosticsPort -}} - {{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }} - {{- end }} - - containerPort: {{ $diagnosticsPort | int }} - name: metrics - protocol: TCP - {{- end }} - {{- with .Values.resources.manager }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.env.manager }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.containerSecurityContext.manager }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumeMounts.manager }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - terminationMessagePolicy: FallbackToLogsOnError - {{- $healthAddr := $.Values.healthAddr }} - {{- if contains ":" $healthAddr -}} - {{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }} - {{- end }} - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: {{ $healthAddr | default 9440 }} - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 20 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: {{ $healthAddr | default 9440 }} - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationGracePeriodSeconds: 10 - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podDnsPolicy }} - dnsPolicy: {{ . }} - {{- end }} - {{- with .Values.podDnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml deleted file mode 100644 index 2b38694..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if .Values.infrastructure }} - -# Deploy bootstrap, and infrastructure components if not specified -{{- if not .Values.bootstrap }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: capi-kubeadm-bootstrap-system ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: BootstrapProvider -metadata: - name: kubeadm - namespace: capi-kubeadm-bootstrap-system - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- with .Values.configSecret }} -spec: - configSecret: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} -{{- end }} -{{- end }} - -{{- if not .Values.controlPlane }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: capi-kubeadm-control-plane-system ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: ControlPlaneProvider -metadata: - name: kubeadm - namespace: capi-kubeadm-control-plane-system - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- with .Values.configSecret }} -spec: -{{- if $.Values.manager }} -{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }} - manager: - featureGates: - {{- range $key, $value := $.Values.manager.featureGates.kubeadm }} - {{ $key }}: {{ $value }} - {{- end }} -{{- end }} -{{- end }} - configSecret: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} -{{- end }} -{{- end }} - -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml deleted file mode 100644 index 1a183e0..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# Infrastructure providers -{{- if .Values.infrastructure }} -{{- $infrastructures := split ";" .Values.infrastructure }} -{{- $infrastructureNamespace := "" }} -{{- $infrastructureName := "" }} -{{- $infrastructureVersion := "" }} -{{- range $infrastructure := $infrastructures }} -{{- $infrastructureArgs := split ":" $infrastructure }} -{{- $infrastructureArgsLen := len $infrastructureArgs }} -{{- if eq $infrastructureArgsLen 3 }} - {{- $infrastructureNamespace = $infrastructureArgs._0 }} - {{- $infrastructureName = $infrastructureArgs._1 }} - {{- $infrastructureVersion = $infrastructureArgs._2 }} -{{- else if eq $infrastructureArgsLen 2 }} - {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }} - {{- $infrastructureName = $infrastructureArgs._0 }} - {{- $infrastructureVersion = $infrastructureArgs._1 }} -{{- else if eq $infrastructureArgsLen 1 }} - {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }} - {{- $infrastructureName = $infrastructureArgs._0 }} -{{- else }} - {{- fail "infrastructure provider argument should have the following format aws:v1.0.0 or mynamespace:aws:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $infrastructureNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: InfrastructureProvider -metadata: - name: {{ $infrastructureName }} - namespace: {{ $infrastructureNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} -spec: -{{- end }} -{{- if $infrastructureVersion }} - version: {{ $infrastructureVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }} - manager: -{{- range $key, $value := $.Values.manager.featureGates }} - {{- if eq $key $infrastructureName }} - featureGates: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }} -{{- range $key, $value := $.Values.fetchConfig }} - {{- if eq $key $infrastructureName }} - fetchConfig: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- if $.Values.additionalDeployments }} - additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml deleted file mode 100644 index f3b7311..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# IPAM providers -{{- if .Values.ipam }} -{{- $ipams := split ";" .Values.ipam }} -{{- $ipamNamespace := "" }} -{{- $ipamName := "" }} -{{- $ipamVersion := "" }} -{{- range $ipam := $ipams }} -{{- $ipamArgs := split ":" $ipam }} -{{- $ipamArgsLen := len $ipamArgs }} -{{- if eq $ipamArgsLen 3 }} - {{- $ipamNamespace = $ipamArgs._0 }} - {{- $ipamName = $ipamArgs._1 }} - {{- $ipamVersion = $ipamArgs._2 }} -{{- else if eq $ipamArgsLen 2 }} - {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }} - {{- $ipamName = $ipamArgs._0 }} - {{- $ipamVersion = $ipamArgs._1 }} -{{- else if eq $ipamArgsLen 1 }} - {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }} - {{- $ipamName = $ipamArgs._0 }} -{{- else }} - {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $ipamNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: IPAMProvider -metadata: - name: {{ $ipamName }} - namespace: {{ $ipamNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} -spec: -{{- end }} -{{- if $ipamVersion }} - version: {{ $ipamVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }} - manager: -{{- range $key, $value := $.Values.manager.featureGates }} - {{- if eq $key $ipamName }} - featureGates: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- if $.Values.additionalDeployments }} - additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml deleted file mode 100644 index c04c850..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml +++ /dev/null @@ -1,28753 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: addonproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: AddonProvider - listKind: AddonProviderList - plural: addonproviders - shortNames: - - caap - singular: addonprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: AddonProvider is the Schema for the addonproviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AddonProviderSpec defines the desired state of AddonProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: AddonProviderStatus defines the observed state of AddonProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: bootstrapproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: BootstrapProvider - listKind: BootstrapProviderList - plural: bootstrapproviders - shortNames: - - cabp - singular: bootstrapprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - BootstrapProvider is the Schema for the bootstrapproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BootstrapProviderSpec defines the desired state of BootstrapProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: BootstrapProviderStatus defines the observed state of BootstrapProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: BootstrapProvider is the Schema for the bootstrapproviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BootstrapProviderSpec defines the desired state of BootstrapProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: BootstrapProviderStatus defines the observed state of BootstrapProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: controlplaneproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: ControlPlaneProvider - listKind: ControlPlaneProviderList - plural: controlplaneproviders - shortNames: - - cacpp - singular: controlplaneprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - ControlPlaneProvider is the Schema for the controlplaneproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: ControlPlaneProviderStatus defines the observed state of - ControlPlaneProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: ControlPlaneProvider is the Schema for the controlplaneproviders - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: ControlPlaneProviderStatus defines the observed state of - ControlPlaneProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: coreproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: CoreProvider - listKind: CoreProviderList - plural: coreproviders - shortNames: - - cacp - singular: coreprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - CoreProvider is the Schema for the coreproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CoreProviderSpec defines the desired state of CoreProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: CoreProviderStatus defines the observed state of CoreProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: CoreProvider is the Schema for the coreproviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CoreProviderSpec defines the desired state of CoreProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: CoreProviderStatus defines the observed state of CoreProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: infrastructureproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: InfrastructureProvider - listKind: InfrastructureProviderList - plural: infrastructureproviders - shortNames: - - caip - singular: infrastructureprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - InfrastructureProvider is the Schema for the infrastructureproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: InfrastructureProviderStatus defines the observed state of - InfrastructureProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: InfrastructureProvider is the Schema for the infrastructureproviders - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: InfrastructureProviderStatus defines the observed state of - InfrastructureProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: ipamproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: IPAMProvider - listKind: IPAMProviderList - plural: ipamproviders - shortNames: - - caipamp - singular: ipamprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: IPAMProvider is the Schema for the IPAMProviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAMProviderSpec defines the desired state of IPAMProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: IPAMProviderStatus defines the observed state of IPAMProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: runtimeextensionproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: RuntimeExtensionProvider - listKind: RuntimeExtensionProviderList - plural: runtimeextensionproviders - shortNames: - - carep - singular: runtimeextensionprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: RuntimeExtensionProvider is the Schema for the RuntimeExtensionProviders - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RuntimeExtensionProviderSpec defines the desired state of - RuntimeExtensionProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: RuntimeExtensionProviderStatus defines the observed state - of RuntimeExtensionProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-manager - namespace: '{{ .Release.Namespace }}' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-leader-election-role - namespace: '{{ .Release.Namespace }}' -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-manager-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-leader-election-rolebinding - namespace: '{{ .Release.Namespace }}' -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: capi-operator-manager - namespace: '{{ .Release.Namespace }}' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-operator-manager-role -subjects: -- kind: ServiceAccount - name: capi-operator-manager - namespace: '{{ .Release.Namespace }}' ---- -apiVersion: v1 -kind: Service -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - clusterctl.cluster.x-k8s.io/core: capi-operator - control-plane: controller-manager ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-serving-cert - namespace: '{{ .Release.Namespace }}' -spec: - dnsNames: - - capi-operator-webhook-service.{{ .Release.Namespace }}.svc - - capi-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-operator-selfsigned-issuer - secretName: capi-operator-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-selfsigned-issuer - namespace: '{{ .Release.Namespace }}' -spec: - selfSigned: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-addonprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vaddonprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - addonproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vbootstrapprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - bootstrapproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcontrolplaneprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - controlplaneproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-coreprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcoreprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - coreproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vinfrastructureprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - infrastructureproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vipamprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - ipamproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vruntimeextensionprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - runtimeextensionproviders - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-addonprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vaddonprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - addonproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vbootstrapprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - bootstrapproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcontrolplaneprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - controlplaneproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-coreprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcoreprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - coreproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vinfrastructureprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - infrastructureproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vipamprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - ipamproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vruntimeextensionprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - runtimeextensionproviders - sideEffects: None diff --git a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml deleted file mode 100644 index c993acb..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# --- -# Cluster API provider options -core: "" -bootstrap: "" -controlPlane: "" -infrastructure: "" -ipam: "" -addon: "" -manager.featureGates: {} -fetchConfig: {} -# --- -# Common configuration secret options -configSecret: {} -# --- -# CAPI operator deployment options -logLevel: 2 -replicaCount: 1 -leaderElection: - enabled: true -image: - manager: - repository: registry.k8s.io/capi-operator/cluster-api-operator - tag: v0.18.1 - pullPolicy: IfNotPresent -env: - manager: [] -diagnosticsAddress: ":8443" -healthAddr: ":9440" -insecureDiagnostics: false -watchConfigSecret: false -imagePullSecrets: {} -resources: - manager: - limits: - cpu: 100m - memory: 150Mi - requests: - cpu: 100m - memory: 100Mi -containerSecurityContext: {} -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - ppc64le - - key: kubernetes.io/os - operator: In - values: - - linux -tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane -volumes: - - name: cert - secret: - defaultMode: 420 - secretName: capi-operator-webhook-service-cert -volumeMounts: - manager: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true -enableHelmHook: true diff --git a/rancher-turtles-chart/questions.yml b/rancher-turtles-chart/questions.yml index 7665187..26b0d60 100644 --- a/rancher-turtles-chart/questions.yml +++ b/rancher-turtles-chart/questions.yml @@ -8,11 +8,6 @@ questions: show_subquestion_if: true group: "Rancher Turtles Extra Settings" subquestions: - - variable: cluster-api-operator.cert-manager.enabled - default: false - type: boolean - description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually." - label: "Enable Cert Manager" - variable: turtlesUI.enabled default: false type: boolean @@ -35,6 +30,12 @@ questions: type: boolean label: Enable Agent TLS Mode group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.features.no-cert-manager.enabled + default: false + description: "[ALPHA] If enabled Turtles will remove cert-manager." + type: boolean + label: Remove cert-manager + group: "Rancher Turtles Features Settings" - variable: rancherTurtles.kubectlImage default: "registry.suse.com/edge/3.3/kubectl:1.32.4" description: "Specify the image to use when running kubectl in jobs." diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml index e2d4b02..f1d9fa4 100644 --- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml +++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml @@ -6,11 +6,22 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: + enableAutomaticUpdate: true type: addon additionalManifests: name: fleet-addon-config namespace: '{{ .Values.rancherTurtles.namespace }}' +{{- if or (index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector" }} + {{- end }} +{{- end }} --- apiVersion: v1 kind: ConfigMap @@ -20,6 +31,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep data: manifests: |- apiVersion: addons.cluster.x-k8s.io/v1alpha1 @@ -58,3 +70,16 @@ data: matchExpressions: - key: cluster-api.cattle.io/disable-fleet-auto-import operator: DoesNotExist + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cappf-controller-psa + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-psa + subjects: + - kind: ServiceAccount + name: caapf-controller-manager + namespace: {{ .Values.rancherTurtles.namespace }} diff --git a/rancher-turtles-chart/templates/clusterctl-config.yaml b/rancher-turtles-chart/templates/clusterctl-config.yaml index 3fe56dd..2c1ac95 100644 --- a/rancher-turtles-chart/templates/clusterctl-config.yaml +++ b/rancher-turtles-chart/templates/clusterctl-config.yaml @@ -1,34 +1,5 @@ -{{- if index .Values "cluster-api-operator" "enabled" }} apiVersion: v1 kind: ConfigMap metadata: name: clusterctl-config - namespace: '{{ .Values.rancherTurtles.namespace }}' -data: - clusterctl.yaml: | - providers: - # Cluster API core provider - - name: "cluster-api" - url: "https://github.com/kubernetes-sigs/cluster-api/releases/v1.7.5/core-components.yaml" - type: "CoreProvider" - - # Infrastructure providers - - name: "metal3" - url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.1/infrastructure-components.yaml" - type: "InfrastructureProvider" - - # Bootstrap providers - - name: "rke2" - url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/bootstrap-components.yaml" - type: "BootstrapProvider" - - # ControlPlane providers - - name: "rke2" - url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/control-plane-components.yaml" - type: "ControlPlaneProvider" - - # Addon providers -# - name: "fleet" -# url: "https://github.com/rancher-sandbox/cluster-api-addon-provider-fleet/releases/v0.3.1/addon-components.yaml" -# type: "AddonProvider" -{{- end }} + namespace: '{{ .Values.rancherTurtles.namespace }}' \ No newline at end of file diff --git a/rancher-turtles-chart/templates/core-provider.yaml b/rancher-turtles-chart/templates/core-provider.yaml index d4e7dbf..921b1cd 100644 --- a/rancher-turtles-chart/templates/core-provider.yaml +++ b/rancher-turtles-chart/templates/core-provider.yaml @@ -22,7 +22,10 @@ metadata: spec: name: cluster-api type: core - version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }} + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "core" "enableAutomaticUpdate" }} +{{- if index .Values "cluster-api-operator" "cluster-api" "core" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "core" "version" }} +{{- end }} additionalManifests: name: capi-additional-rbac-roles namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} diff --git a/rancher-turtles-chart/templates/deployment.yaml b/rancher-turtles-chart/templates/deployment.yaml index 95f61c4..169f42d 100644 --- a/rancher-turtles-chart/templates/deployment.yaml +++ b/rancher-turtles-chart/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: containers: - args: - --leader-elect - - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}} + - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}},no-cert-manager={{ index .Values "rancherTurtles" "features" "no-cert-manager" "enabled"}} {{- range .Values.rancherTurtles.managerArguments }} - {{ . }} {{- end }} @@ -67,12 +67,20 @@ spec: resources: limits: cpu: 500m - memory: 256Mi + memory: 300Mi requests: cpu: 10m memory: 128Mi + {{- with .Values.rancherTurtles.volumeMounts.manager }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} serviceAccountName: rancher-turtles-manager terminationGracePeriodSeconds: 10 + {{- with .Values.rancherTurtles.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master diff --git a/rancher-turtles-chart/templates/metal3-infrastructure.yaml b/rancher-turtles-chart/templates/metal3-infrastructure.yaml index e06700c..fa701b0 100644 --- a/rancher-turtles-chart/templates/metal3-infrastructure.yaml +++ b/rancher-turtles-chart/templates/metal3-infrastructure.yaml @@ -1,5 +1,6 @@ {{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "metal3" "enabled") }} {{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} +{{- $ipamnamespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} {{- if not (lookup "v1" "Namespace" "" $namespace) }} --- apiVersion: v1 @@ -8,8 +9,20 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} {{- end }} +{{- if not (lookup "v1" "Namespace" "" $ipamnamespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep + name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} +{{- end }} --- apiVersion: turtles-capi.cattle.io/v1alpha1 kind: ClusterctlConfig @@ -22,8 +35,11 @@ metadata: spec: providers: - name: metal3 - url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml" + url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.10.2/infrastructure-components.yaml" type: InfrastructureProvider + - name: metal3ipam + url: "https://github.com/rancher-sandbox/ip-address-manager/releases/v1.10.2/ipam-components.yaml" + type: IPAMProvider --- apiVersion: turtles-capi.cattle.io/v1alpha1 kind: CAPIProvider @@ -33,6 +49,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: metal3 type: infrastructure @@ -59,11 +76,42 @@ spec: containers: - name: manager imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }} - additionalDeployments: - ipam-controller-manager: - deployment: - containers: - - imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} - name: manager +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: metal3ipam + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep +spec: + name: metal3ipam + type: ipam +{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "version" }} +{{- end }} + configSecret: +{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} +{{ else }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }} +{{- end }} +{{- if or (index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector" }} + {{- end }} +{{- end }} +{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} + deployment: + containers: + - name: manager + imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} {{- end }} {{- end }} diff --git a/rancher-turtles-chart/templates/operator-crds.yaml b/rancher-turtles-chart/templates/operator-crds.yaml new file mode 100644 index 0000000..581cf14 --- /dev/null +++ b/rancher-turtles-chart/templates/operator-crds.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles/aggregate-to-manager: "true" + name: rancher-turtles-operator-admin +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' diff --git a/rancher-turtles-chart/templates/post-upgrade-job.yaml b/rancher-turtles-chart/templates/post-upgrade-job.yaml index b19a86e..e6b10af 100644 --- a/rancher-turtles-chart/templates/post-upgrade-job.yaml +++ b/rancher-turtles-chart/templates/post-upgrade-job.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -11,23 +10,38 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: post-upgrade-job-delete-clusters + name: post-upgrade-job-delete-capi-operator-resources annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "1" rules: - apiGroups: - - provisioning.cattle.io + - operator.cluster.x-k8s.io resources: - - clusters + - addonproviders + - bootstrapproviders + - controlplaneproviders + - coreproviders + - infrastructureproviders + - ipamproviders + - runtimeextensionproviders verbs: + - get + - watch - list - delete + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: post-upgrade-job-delete-clusters + name: post-upgrade-job-capi-operator-resources-cleanup annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "1" @@ -37,13 +51,51 @@ subjects: namespace: '{{ .Values.rancherTurtles.namespace }}' roleRef: kind: ClusterRole - name: post-upgrade-job-delete-clusters + name: post-upgrade-job-delete-capi-operator-resources apiGroup: rbac.authorization.k8s.io --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-api-operator-resources-cleanup-script + namespace: '{{ .Values.rancherTurtles.namespace }}' + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-weight": "1" +data: + cleanup.sh: | + #!/usr/bin/env bash + + set -euo pipefail + + remove_finalizers_and_delete() { + local resource_type="$1" + if kubectl get crd $resource_type > /dev/null 2>&1; then + kubectl get $resource_type --all-namespaces --no-headers --ignore-not-found | awk '{print $1 " " $2}' | xargs -r -n2 bash -c 'kubectl patch '"${resource_type}"' "$1" -n "$0" --type merge -p "{\"metadata\":{\"finalizers\":null}}"' + kubectl delete $resource_type --all --all-namespaces + else + echo "Resource type $resource_type does not exist, skipping cleanup." + fi + } + + resource_types=( + "addonproviders.operator.cluster.x-k8s.io" + "bootstrapproviders.operator.cluster.x-k8s.io" + "controlplaneproviders.operator.cluster.x-k8s.io" + "coreproviders.operator.cluster.x-k8s.io" + "infrastructureproviders.operator.cluster.x-k8s.io" + "ipamproviders.operator.cluster.x-k8s.io" + "runtimeextensionproviders.operator.cluster.x-k8s.io" + ) + + for resource_type in "${resource_types[@]}"; do + remove_finalizers_and_delete "$resource_type" + done +--- apiVersion: batch/v1 kind: Job metadata: - name: post-upgrade-delete-clusters + name: cluster-api-operator-resources-cleanup namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": post-upgrade @@ -54,13 +106,19 @@ spec: spec: serviceAccountName: post-upgrade-job containers: - - name: post-upgrade-delete-clusters - image: {{ index .Values "rancherTurtles" "kubectlImage" }} + - name: cluster-api-operator-resources-cleanup + image: {{ index .Values "rancherTurtles" "shellImage" }} + command: ["/bin/bash"] args: - - delete - - clusters.provisioning.cattle.io - - --selector=cluster-api.cattle.io/owned - - -A - - --ignore-not-found=true - - --wait - restartPolicy: OnFailure + - "-c" + - "/scripts/cleanup.sh" + volumeMounts: + - name: script + mountPath: /scripts + volumes: + - name: script + configMap: + name: cluster-api-operator-resources-cleanup-script + defaultMode: 0777 + restartPolicy: Never +--- \ No newline at end of file diff --git a/rancher-turtles-chart/templates/pre-delete-job.yaml b/rancher-turtles-chart/templates/pre-delete-job.yaml index c099b9f..a4d591c 100644 --- a/rancher-turtles-chart/templates/pre-delete-job.yaml +++ b/rancher-turtles-chart/templates/pre-delete-job.yaml @@ -59,9 +59,11 @@ spec: image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - - capiproviders - - -A - - --all + - capiprovider + - cluster-api + - -n + - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} + - --ignore-not-found=true - --cascade=foreground restartPolicy: Never {{- end }} diff --git a/rancher-turtles-chart/templates/rancher-turtles-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-components.yaml index 0ce7aaf..a083131 100644 --- a/rancher-turtles-chart/templates/rancher-turtles-components.yaml +++ b/rancher-turtles-chart/templates/rancher-turtles-components.yaml @@ -1301,6 +1301,13 @@ spec: description: Manager defines the properties that can be enabled on the controller manager for the additional provider deployment. properties: + additionalArgs: + additionalProperties: + type: string + description: |- + AdditionalArgs is a map of additional options that will be passed + in as container args to the provider's controller manager. + type: object cacheNamespace: description: |- CacheNamespace if specified restricts the manager's cache to watch objects in @@ -1436,7 +1443,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains thw controller metrics configuration + description: Metrics contains the controller metrics configuration properties: bindAddress: description: |- @@ -2775,6 +2782,10 @@ spec: type: object type: array type: object + enableAutomaticUpdate: + description: EnableAutomaticUpdate can be used to automatically update + the CAPIProvider to a newest version. + type: boolean features: description: Features is a collection of features to enable. example: @@ -2875,6 +2886,13 @@ spec: description: Manager defines the properties that can be enabled on the controller manager for the provider. properties: + additionalArgs: + additionalProperties: + type: string + description: |- + AdditionalArgs is a map of additional options that will be passed + in as container args to the provider's controller manager. + type: object cacheNamespace: description: |- CacheNamespace if specified restricts the manager's cache to watch objects in @@ -3009,7 +3027,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains thw controller metrics configuration + description: Metrics contains the controller metrics configuration properties: bindAddress: description: |- @@ -3118,27 +3136,32 @@ spec: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -3148,6 +3171,8 @@ spec: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -3417,7 +3442,6 @@ rules: - update - apiGroups: - infrastructure.cluster.x-k8s.io - - operator.cluster.x-k8s.io resources: - '*' verbs: diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml index 657e22e..c35a8be 100644 --- a/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml +++ b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml @@ -181,27 +181,32 @@ spec: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -211,6 +216,8 @@ spec: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime diff --git a/rancher-turtles-chart/templates/rke2-bootstrap.yaml b/rancher-turtles-chart/templates/rke2-bootstrap.yaml index 097b31e..a7bc706 100644 --- a/rancher-turtles-chart/templates/rke2-bootstrap.yaml +++ b/rancher-turtles-chart/templates/rke2-bootstrap.yaml @@ -8,6 +8,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} {{- end }} --- @@ -19,9 +20,11 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: rke2 type: bootstrap + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }} {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} {{- end }} diff --git a/rancher-turtles-chart/templates/rke2-controlplane.yaml b/rancher-turtles-chart/templates/rke2-controlplane.yaml index 8e2866a..3aaff9b 100644 --- a/rancher-turtles-chart/templates/rke2-controlplane.yaml +++ b/rancher-turtles-chart/templates/rke2-controlplane.yaml @@ -8,6 +8,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }} {{- end }} --- @@ -19,9 +20,11 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: rke2 type: controlPlane + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }} {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} {{- end }} diff --git a/rancher-turtles-chart/values.schema.json b/rancher-turtles-chart/values.schema.json index 419a833..e7d37a1 100644 --- a/rancher-turtles-chart/values.schema.json +++ b/rancher-turtles-chart/values.schema.json @@ -62,7 +62,7 @@ }, "kubectlImage": { "type": "string", - "default": "registry.k8s.io/kubernetes/kubectl:v1.30.0", + "default": "registry.k8s.io/kubernetes/kubectl:v1.31.4", "description": "Image for kubectl tasks." }, "features": { @@ -155,86 +155,30 @@ } } } - } - } - }, - "cluster-api-operator": { - "type": "object", - "description": "Manages Cluster API components.", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "description": "Turn on or off." - }, - "cert-manager": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "description": "Turn on or off." - } - } }, "volumes": { "type": "array", - "description": "Volumes for operator pods (certs, config).", + "description": "Volumes for controller pods.", "items": { "type": "object", - "oneOf": [ - { - "required": ["name", "secret"], - "properties": { - "name": { "type": "string" }, - "secret": { - "type": "object", - "properties": { - "defaultMode": { - "type": "integer", - "default": 420, - "description": "File permissions." - }, - "secretName": { - "type": "string", - "default": "capi-operator-webhook-service-cert", - "description": "Secret for webhook certs." - } - } - } - } + "required": [ + "name", + "configMap" + ], + "properties": { + "name": { + "type": "string" }, - { - "required": ["name", "configMap"], + "configMap": { + "type": "object", "properties": { - "name": { "type": "string" }, - "configMap": { - "type": "object", - "properties": { - "name": { - "type": "string", - "default": "clusterctl-config", - "description": "ConfigMap for clusterctl." - } - } + "name": { + "type": "string", + "default": "clusterctl-config", + "description": "ConfigMap for clusterctl." } } } - ] - } - }, - "image": { - "type": "object", - "properties": { - "manager": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "default": "registry.rancher.com/rancher/cluster-api-operator", - "description": "Image repo." - } - } } } }, @@ -258,43 +202,13 @@ } } } - }, - "resources": { - "type": "object", - "properties": { - "manager": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "description": "CPU limit." - }, - "memory": { - "type": "string", - "description": "Memory limit." - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "description": "CPU request." - }, - "memory": { - "type": "string", - "description": "Memory request." - } - } - } - } - } - } - }, + } + } + }, + "cluster-api-operator": { + "type": "object", + "description": "Manages Cluster API components.", + "properties": { "cleanup": { "type": "boolean", "default": true, @@ -343,6 +257,16 @@ "url": { "type": "string", "default": "" }, "selector": { "type": "string", "default": "" } } + }, + "enableAutomaticUpdates": { + "type": "boolean", + "default": true, + "description": "Allow the provider to update automatically when a new Turtles version is installed." + }, + "version": { + "type": "string", + "default": "", + "description": "CAPI core provider version." } } }, @@ -359,6 +283,11 @@ "default": "", "description": "RKE2 version." }, + "enableAutomaticUpdates": { + "type": "boolean", + "default": true, + "description": "Allow the provider to update automatically when a new Turtles version is installed." + }, "bootstrap": { "type": "object", "properties": { diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index d15d11a..4c84556 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -9,8 +9,8 @@ turtlesUI: rancherTurtles: # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.21.0 - imageVersion: v0.21.0 + # imageVersion: v0.24.3 + imageVersion: v0.24.3 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # namespace: Select namespace for Turtles to run. @@ -23,6 +23,8 @@ rancherTurtles: rancherInstalled: false # kubectlImage: Image for kubectl tasks. kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4" + # shellImage: Image for shell tasks. + shellImage: registry.rancher.com/rancher/kuberlr-kubectl:v5.0.0 # features: Optional and experimental features. features: # day2operations: Alpha feature. @@ -31,8 +33,8 @@ rancherTurtles: enabled: false # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.21.0 - imageVersion: v0.21.0 + # imageVersion: v0.24.3 + imageVersion: v0.24.3 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # etcdBackupRestore: Alpha feature. Manages etcd backup/restore. @@ -43,61 +45,33 @@ rancherTurtles: agent-tls-mode: # enabled: Turn on or off. enabled: true + # no-cert-manager: Alpha feature for cert-manager removal. + no-cert-manager: + # enabled: Turn on or off. + enabled: false # clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet. clusterclass-operations: # enabled: Turn on or off. enabled: false # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.21.0 - imageVersion: v0.21.0 + # imageVersion: v0.24.3 + imageVersion: v0.24.3 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent + # volumes: Volumes for controller pods. + volumes: + - name: clusterctl-config + configMap: + name: clusterctl-config + # volumeMounts: Volume mounts for controller pods. + volumeMounts: + manager: + - mountPath: /config + name: clusterctl-config # cluster-api-operator: Manages Cluster API components. cluster-api-operator: - # enabled: Turn on or off. - enabled: true - # cert-manager: Cert-manager integration. - cert-manager: - # enabled: Turn on or off. - enabled: false - # volumes: Volumes for operator pods (certs, config). - volumes: - - name: cert - secret: - # defaultMode: File permissions. - defaultMode: 420 - # secretName: Secret for webhook certs. - secretName: capi-operator-webhook-service-cert - - name: clusterctl-config - configMap: - # name: ConfigMap for clusterctl. - name: clusterctl-config - resources: - manager: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 100Mi - # image: registry.rancher.com/rancher/rancher/turtles - image: - manager: - # repository: Image repo. - repository: registry.rancher.com/rancher/cluster-api-operator - # volumeMounts: Mount volumes to pods. - volumeMounts: - manager: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - # readOnly: Mount as read-only. - readOnly: true - - mountPath: /config - name: clusterctl-config - # readOnly: Mount as read-only. - readOnly: true # cleanup: Enable cleanup tasks. cleanup: true # cluster-api: Cluster API component settings. @@ -114,6 +88,10 @@ cluster-api-operator: core: # namespace: Core component namespace. namespace: capi-system + # version: Core ClusterAPI version. + version: "" + # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed. + enableAutomaticUpdate: true # imageUrl: Custom image URL. imageUrl: "" # fetchConfig: Config fetching settings. @@ -127,7 +105,9 @@ cluster-api-operator: # enabled: Turn on or off. enabled: true # version: RKE2 version. - version: "v0.18.0" + version: "" + # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed. + enableAutomaticUpdate: true # bootstrap: RKE2 bootstrap provider. bootstrap: # namespace: Bootstrap namespace. @@ -154,13 +134,21 @@ cluster-api-operator: selector: "" metal3: enabled: true - version: "v1.9.4" + version: "v1.10.2" infrastructure: namespace: capm3-system - imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.4" + imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2" fetchConfig: url: "" selector: "" ipam: - namespace: capm3-system - imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.4" + namespace: metal3-ipam-system + imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.10.2" + fetchConfig: + url: "" + selector: "" + fleet: + addon: + fetchConfig: + url: "" + selector: "" diff --git a/release-manifest-image/Dockerfile b/release-manifest-image/Dockerfile index a959c3d..09a38f9 100644 --- a/release-manifest-image/Dockerfile +++ b/release-manifest-image/Dockerfile @@ -1,4 +1,4 @@ -#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.0 +#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.1 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION @@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SUSE Edge Release Manifest" LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release" -LABEL org.opencontainers.image.version="3.4.0" +LABEL org.opencontainers.image.version="3.4.1" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.0" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.1" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/release-manifest-image/release_images.yaml b/release-manifest-image/release_images.yaml index 74d6ecf..61b7259 100644 --- a/release-manifest-image/release_images.yaml +++ b/release-manifest-image/release_images.yaml @@ -1,64 +1,65 @@ images: - - name: quay.io/jetstack/cert-manager-cainjector:v1.14.2 - - name: quay.io/jetstack/cert-manager-controller:v1.14.2 - - name: quay.io/jetstack/cert-manager-webhook:v1.14.2 - - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250507 - - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250509 - - name: registry.rancher.com/rancher/hardened-coredns:v1.12.1-build20250507 - - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250411 - - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.7.2-build20250507 - - name: registry.rancher.com/rancher/hardened-kubernetes:v1.32.5-rke2r1-build20250515 - - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.0-build20250326 - - name: registry.rancher.com/rancher/klipper-helm:v0.9.5-build20250306 - - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.3 - - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.3 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.13.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.2.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.13.2 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.2.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.15.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0 - - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.4 - - name: registry.rancher.com/rancher/neuvector-controller:5.4.3 - - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.3 - - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.1-hardened6 - - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.9.1.1 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.10.2.1 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5 - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9 - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 - - name: registry.rancher.com/rancher/cluster-api-operator:v0.17.0 - - name: registry.rancher.com/rancher/fleet-agent:v0.12.3 - - name: registry.rancher.com/rancher/fleet:v0.12.3 + - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2 + - name: quay.io/jetstack/cert-manager-controller:v1.18.2 + - name: quay.io/jetstack/cert-manager-webhook:v1.18.2 + - name: registry.k8s.io/e2e-test-images/agnhost:2.39 + - name: registry.rancher.com/rancher/fleet-agent:v0.13.2 + - name: registry.rancher.com/rancher/fleet:v0.13.2 + - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250909 + - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.8.0-build20250909 + - name: registry.rancher.com/rancher/hardened-coredns:v1.12.3-build20250909 + - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250910 + - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250909 + - name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.5-rke2r1-build20250910 + - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.2-build20250909 - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425 - - name: registry.rancher.com/rancher/rancher-webhook:v0.7.2 - - name: registry.rancher.com/rancher/rancher/turtles:v0.20.0 - - name: registry.rancher.com/rancher/rancher:v2.11.2 - - name: registry.rancher.com/rancher/shell:v0.4.1 - - name: registry.rancher.com/rancher/system-upgrade-controller:v0.15.2 - - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.10.0 - - name: registry.suse.com/rancher/cluster-api-controller:v1.9.5 - - name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3 - - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1 - - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.16.1 - - name: registry.suse.com/rancher/elemental-operator:1.6.8 + - name: registry.rancher.com/rancher/klipper-helm:v0.9.8-build20250709 + - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.18.1 + - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.18.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.9.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.14.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.3.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.14.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.3.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.16.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0 + - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.7 + - name: registry.rancher.com/rancher/neuvector-controller:5.4.6 + - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.6 + - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.6-hardened1 + - name: registry.rancher.com/rancher/rancher-webhook:v0.8.2 + - name: registry.rancher.com/rancher/rancher/turtles:v0.24.3 + - name: registry.rancher.com/rancher/rancher:v2.12.2 + - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908 + - name: registry.rancher.com/rancher/scc-operator:v0.2.1 + - name: registry.rancher.com/rancher/shell:v0.5.0 + - name: registry.rancher.com/rancher/system-upgrade-controller:v0.16.0 + - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.11.0 + - name: registry.suse.com/rancher/cluster-api-controller:v1.10.5 + - name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2 + - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1 + - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1 + - name: registry.suse.com/rancher/elemental-operator:1.7.3 - name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425 - - name: registry.suse.com/rancher/ip-address-manager:v1.9.4 - - name: registry.suse.com/suse/sles/15.6/cdi-apiserver:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/cdi-controller:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/cdi-operator:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/cdi-uploadproxy:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/virt-api:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-controller:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-handler:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-launcher:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-operator:1.4.0-150600.5.15.1 + - name: registry.suse.com/rancher/ip-address-manager:v1.10.2 + - name: registry.suse.com/suse/sles/15.7/cdi-apiserver:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/cdi-controller:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/cdi-operator:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/cdi-uploadproxy:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/virt-api:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-controller:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-handler:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-launcher:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-operator:1.5.2-150700.3.5.2 diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index aeed249..29e85db 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -1,13 +1,13 @@ apiVersion: lifecycle.suse.com/v1alpha1 kind: ReleaseManifest metadata: - name: release-manifest-3-4-0 + name: release-manifest-3-4-1 spec: - releaseVersion: 3.4.0 + releaseVersion: 3.4.1 components: kubernetes: k3s: - version: v1.33.3+k3s1 + version: v1.33.5+k3s1 coreComponents: - name: traefik-crd version: 34.2.1+up34.2.0 @@ -23,42 +23,42 @@ spec: - name: coredns containers: - name: coredns - image: rancher/mirrored-coredns-coredns:1.12.1 + image: rancher/mirrored-coredns-coredns:1.12.3 type: Deployment - name: metrics-server containers: - name: metrics-server - image: rancher/mirrored-metrics-server:v0.7.2 + image: rancher/mirrored-metrics-server:v0.8.0 type: Deployment rke2: - version: v1.33.3+rke2r1 + version: v1.33.5+rke2r1 coreComponents: - name: rke2-cilium - version: 1.17.600 + version: 1.18.103 type: HelmChart - name: rke2-canal - version: v3.30.2-build2025071100 + version: v3.30.3-build2025090900 type: HelmChart - name: rke2-calico-crd - version: v3.30.100 + version: v3.30.300 type: HelmChart - name: rke2-calico - version: v3.30.100 + version: v3.30.300 type: HelmChart - name: rke2-coredns - version: 1.42.302 + version: 1.43.302 type: HelmChart - name: rke2-ingress-nginx - version: 4.12.401 + version: 4.12.600 type: HelmChart - name: rke2-metrics-server - version: 3.12.203 + version: 3.13.001 type: HelmChart - name: rancher-vsphere-csi - version: 3.3.1-rancher1000 + version: 3.5.0-rancher100 type: HelmChart - name: rancher-vsphere-cpi - version: 1.11.000 + version: 1.12.100 type: HelmChart - name: harvester-cloud-provider version: 0.2.1000 @@ -89,7 +89,7 @@ spec: - prettyName: Rancher releaseName: rancher chart: rancher - version: 2.12.1 + version: 2.12.2 repository: https://charts.rancher.com/server-charts/prime values: postDelete: @@ -97,12 +97,12 @@ spec: - prettyName: Longhorn releaseName: longhorn chart: longhorn - version: 107.0.0+up1.9.1 + version: 107.1.0+up1.9.1 repository: https://charts.rancher.io dependencyCharts: - releaseName: longhorn-crd chart: longhorn-crd - version: 107.0.0+up1.9.1 + version: 107.1.0+up1.9.1 repository: https://charts.rancher.io - prettyName: MetalLB releaseName: metallb @@ -123,12 +123,12 @@ spec: - prettyName: NeuVector releaseName: neuvector chart: neuvector - version: 107.0.0+up2.8.7 + version: 107.0.1+up2.8.8 repository: https://charts.rancher.io dependencyCharts: - releaseName: neuvector-crd chart: neuvector-crd - version: 107.0.0+up2.8.7 + version: 107.0.1+up2.8.8 repository: https://charts.rancher.io addonCharts: - releaseName: neuvector-ui-ext @@ -151,7 +151,7 @@ spec: - releaseName: elemental chart: elemental repository: https://github.com/rancher/ui-plugin-charts/raw/main - version: 3.0.0 + version: 3.0.1 - prettyName: SRIOV releaseName: sriov-network-operator chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator' @@ -171,12 +171,17 @@ spec: - prettyName: Metal3 releaseName: metal3 chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3' - version: '%%CHART_MAJOR%%.0.16+up0.12.6' + version: '%%CHART_MAJOR%%.0.19+up0.12.9' - prettyName: RancherTurtles releaseName: rancher-turtles chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles' - version: '%%CHART_MAJOR%%.0.5+up0.21.0' + version: '%%CHART_MAJOR%%.0.7+up0.24.3' - prettyName: RancherTurtlesAirgapResources releaseName: rancher-turtles-airgap-resources chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources' - version: '%%CHART_MAJOR%%.0.5+up0.21.0' + version: '%%CHART_MAJOR%%.0.7+up0.24.3' + - prettyName: CertManager + releaseName: cert-manager + chart: cert-manager + version: 1.18.2 + repository: https://charts.jetstack.io diff --git a/suse-edge-components-versions-image/Dockerfile b/suse-edge-components-versions-image/Dockerfile index be5b4db..00bb6fe 100644 --- a/suse-edge-components-versions-image/Dockerfile +++ b/suse-edge-components-versions-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.1.1 -#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.1.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.2 +#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.2-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -29,8 +29,8 @@ LABEL org.opencontainers.image.description="Gather and display component version LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/components-versions" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="0.1.1" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.1.1-%RELEASE%" +LABEL org.opencontainers.image.version="0.2.2" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.2-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024"